Aula Final - Extra

This document discusses configuration of access control lists (ACLs) and client protection on a network device. It defines ACLs to allow management access from certain IP ranges and deny forwarding, and also blocks certain ports and IP addresses while allowing exceptions. The ACLs are applied to the uplink interface to implement this access control and forwarding policy.

Uploaded by cleitomanderson

In this extra lesson we cover ACLs and the protection of both the clients and the box (the device itself).

A little present from Pacheco

acl name IPV4_MANAGEMENT basic number 2999
description Management Control
rule 10 permit source 138.99.160.0 0.0.3.255
rule 20 permit source 138.99.196.0 0.0.3.255
rule 30 permit source 100.64.0.0 0.63.255.255
rule 666 deny
#

snmp-agent community read NetEducation acl 2999
ssh server acl 2999
ssh ipv6 server acl 2999
snmp-agent protocol server ipv6 disable

# Client protection
# List of blocked IPs
acl ip-pool IPV4_MGMT_BLOCKED
ip address 10.0.0.0 0.255.255.255
#

# List of allowed IPs (inside the blocked range)
acl ip-pool IPV4_MGMT_BLOCKED_DST_EXCEPTION
ip address 10.0.0.213 0.0.0.0
#

# List of sources that may reach everyone.
acl ip-pool IPV4_MGMT_BLOCKED_SRC_EXCEPTION
ip address 100.64.0.0 0.63.255.255
#

# Blocked ports
acl port-pool IPV4_BLOCKED_PORTS
eq 3389
eq 8080
eq 9000
eq 1212
lt 1025
#

acl name DROP-FORWARDING advance
description DROP FORWARD
# Allow full access, over TCP and UDP, to anyone in IPV4_MGMT_BLOCKED_SRC_EXCEPTION.
rule 10 permit tcp source-pool IPV4_MGMT_BLOCKED_SRC_EXCEPTION
rule 20 permit udp source-pool IPV4_MGMT_BLOCKED_SRC_EXCEPTION
# Allow access to the ports denied in IPV4_BLOCKED_PORTS when the destination is in IPV4_MGMT_BLOCKED_DST_EXCEPTION.
rule 30 permit tcp destination-pool IPV4_MGMT_BLOCKED_DST_EXCEPTION destination-port-pool IPV4_BLOCKED_PORTS
rule 40 permit udp destination-pool IPV4_MGMT_BLOCKED_DST_EXCEPTION destination-port-pool IPV4_BLOCKED_PORTS
# Deny the low ports in the IPV4_BLOCKED_PORTS list towards the IPV4_MGMT_BLOCKED list.
rule 666 deny tcp destination-pool IPV4_MGMT_BLOCKED destination-port-pool IPV4_BLOCKED_PORTS
rule 667 deny udp destination-pool IPV4_MGMT_BLOCKED destination-port-pool IPV4_BLOCKED_PORTS
#

traffic classifier C-DROPFORWARD operator or
if-match acl name DROP-FORWARDING
#

traffic behavior B-DROPFORWARD
#

traffic policy P-DROPFORWARD
undo share-mode
classifier C-DROPFORWARD behavior B-DROPFORWARD precedence 1
#

# Applied on the UPLINK
traffic-policy P-DROPFORWARD inbound
traffic-policy P-DROPFORWARD outbound

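As an added example (not part of the lesson and not a Huawei tool), the following Python script evaluates the DROP-FORWARDING ACL above with first-match semantics, so the effect of the rule order (source exception first, destination exception next, deny last) can be checked offline before the policy goes on the uplink. Pool contents and rule order are copied from the configuration above; the test packets are constructed.

```python
import ipaddress

# Pool definitions copied from the lesson's acl ip-pool / port-pool blocks.
IPV4_MGMT_BLOCKED = [("10.0.0.0", "0.255.255.255")]
IPV4_MGMT_BLOCKED_DST_EXCEPTION = [("10.0.0.213", "0.0.0.0")]
IPV4_MGMT_BLOCKED_SRC_EXCEPTION = [("100.64.0.0", "0.63.255.255")]
IPV4_BLOCKED_PORTS = [("eq", 3389), ("eq", 8080), ("eq", 9000), ("eq", 1212), ("lt", 1025)]

# DROP-FORWARDING rules in configured order:
# (rule id, action, protocol, source-pool, destination-pool, destination-port-pool); None = any.
DROP_FORWARDING = [
    (10, "permit", "tcp", IPV4_MGMT_BLOCKED_SRC_EXCEPTION, None, None),
    (20, "permit", "udp", IPV4_MGMT_BLOCKED_SRC_EXCEPTION, None, None),
    (30, "permit", "tcp", None, IPV4_MGMT_BLOCKED_DST_EXCEPTION, IPV4_BLOCKED_PORTS),
    (40, "permit", "udp", None, IPV4_MGMT_BLOCKED_DST_EXCEPTION, IPV4_BLOCKED_PORTS),
    (666, "deny", "tcp", None, IPV4_MGMT_BLOCKED, IPV4_BLOCKED_PORTS),
    (667, "deny", "udp", None, IPV4_MGMT_BLOCKED, IPV4_BLOCKED_PORTS),
]

def in_ip_pool(ip, pool):
    """Wildcard-mask match: a 1 bit in the wildcard means 'don't care'."""
    addr = int(ipaddress.IPv4Address(ip))
    for network, wildcard in pool:
        care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
        if (addr ^ int(ipaddress.IPv4Address(network))) & care == 0:
            return True
    return False

def in_port_pool(port, pool):
    return any((op == "eq" and port == v) or (op == "lt" and port < v) for op, v in pool)

def evaluate(proto, src, dst, dport):
    """First matching rule wins. A packet that matches no rule is not classified
    by C-DROPFORWARD and is forwarded normally by the device."""
    for rule_id, action, p, src_pool, dst_pool, port_pool in DROP_FORWARDING:
        if p != proto:
            continue
        if src_pool and not in_ip_pool(src, src_pool):
            continue
        if dst_pool and not in_ip_pool(dst, dst_pool):
            continue
        if port_pool and not in_port_pool(dport, port_pool):
            continue
        return rule_id, action
    return None, "unmatched"

if __name__ == "__main__":
    for pkt in [("tcp", "100.64.5.5", "10.0.0.1", 3389), ("tcp", "192.0.2.1", "10.0.0.213", 3389),
                ("tcp", "192.0.2.1", "10.0.0.1", 22), ("tcp", "192.0.2.1", "10.0.0.1", 1025)]:
        print(pkt, "->", evaluate(*pkt))  # constructed packets; 1025 falls outside "lt 1025"
```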
#IPv6
acl ipv6 name DROP-FORWARDING-IPV6 advance
description DROP FORWARD IPV6
# The prefix is written here as 2001:DB8::/32; its colons and slash were lost in the extracted text (2001DB832).
rule 10 permit ipv6 source 2001:DB8::/32
rule 20 deny tcp destination 2001:DB8::/32 destination-port lt 1024
rule 21 deny udp destination 2001:DB8::/32 destination-port lt 1024
rule 30 deny tcp destination 2001:DB8::/32 destination-port eq 3389
rule 31 deny udp destination 2001:DB8::/32 destination-port eq 3389
#

traffic classifier C-DROPFORWARD operator or
if-match acl name DROP-FORWARDING
if-match ipv6 acl name DROP-FORWARDING-IPV6
#
