Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

General Security Commands

16-88 Configuring Security

Examples

Thefollowingexampleallowsaccessonlytothosehostsonthethreespecifiednetworks.The

wildcardbitsapplytothehostportionsofthenetworkaddresses.Anyhostwithasourceaddress

thatdoesnotmatchtheaccessliststatementswillberejected.

XSR(config)#access-list 1 permit 192.5.34.0 0.0.0.255

XSR(config)#access-list 1 permit 128.88.0.0 0.0.255.255

XSR(config)#access-list 1 permit 36.0.0.0 0.255.255.255

Thefollowingexamplereplacesentry88withthefollowingentry:

XSR(config)#access-list 57 replace 88 deny host 1.2.1.2

Theexamplebelowremovesentries16,17and18fromACL87:

XSR(config)#no access-list 87 16 18

ThefollowingexampleremovestheentireACL57:

XSR(config)#no access-list 57

Thenextexamplemovesentries16‐18fromACL57toitsstart:

XSR(config)#access-list 57 move 1 16 18

Theexamplebelowmovesentry2totheendofACL57:

XSR(config)#access-list 57 move 999 2

access-list log-update-threshold

ThiscommandpublishesanACLviolationslogwhenaspecifiednumberofpacketstheXSR

processesismet.ACLviolationsloggingisupdatedeveryfiveminutessoregardlessofhowyou

specifythiscommand,thefive‐minutetimerremainsineffect.Thecommandfunctionsasfollows:

•ACLalarmsdisplaythe:ACL

groupnumber,permitordenyclause,sourceIPaddressandnumber

ofpacketsloggedinthelastfiveminutes.

•Alarmsaresettomediumseveritylevelbydefault.

•Settingthealarmseverityleveltohighwiththe

loggingcommanddisablesallACLalarms.

•Afteranupdateisreported,thelogisclearedfortheentrywiththatsourceIPandACLgroup.

• StandardandextendedACLsaresupported.

•Ifreportingisenabledforeverypacket,toomanypacketsmaylogmessagesresultinginsome

messagelossduetopacket

flooding.

Forassociatedinformationonthisfuntionality,refertothe

access-listcommandsonpage16‐84

andpage16‐86,

show access-list log-update-thresholdcommandonpage16‐92,and

loggingcommandonpage3‐88.

Syntax

access-list log-update-threshold <number-of-packets>

Caution: If the threshold is 1 packet, you may flood the XSR and generate alarms.

<number-of-packets>

Packets,rangingfrom1to2,147,483,647.

previous next