6-58
Cisco MWR 1941-DC Mobile Wireless Edge Router Software Configuration Guide
OL-11503-01
Chapter 6 Configuring the MWR 1941-DC in a Cell Site DCN
Filtering IP Packets Using Access Lists
section on page 6-50
. The
time-range
command is described in the “Performing Basic System
Management” chapter of the
Cisco IOS Configuration Fundamentals Configuration Guide
. See the
“Time Range Applied to an IP Access List Example” section on page 6-62
for a configuration example
of IP time ranges.
Possible benefits of using time ranges include the following:
•
The network administrator has more control over permitting or denying a user access to resources.
These resources could be an application (identified by an IP address/mask pair and a port number),
policy routing, or an on-demand link (identified as interesting traffic to the dialer).
•
Network administrators can set time-based security policy, including the following:
–
Perimeter security using the Cisco IOS Firewall feature set or access lists
–
Data confidentiality with Cisco Encryption Technology or IP Security Protocol (IPSec)
•
Policy-based routing (PBR) and queueing functions are enhanced.
•
When provider access rates vary by time of day, it is possible to automatically reroute traffic cost
effectively.
•
Service providers can dynamically change a committed access rate (CAR) configuration to support
the quality of service (QoS) service level agreements (SLAs) that are negotiated for certain times of
day.
•
Network administrators can control logging messages. Access list entries can log traffic at certain
times of the day, but not constantly. Therefore, administrators can simply deny access without
needing to analyze many logs generated during peak hours.
Including Comments About Entries in Access Lists
You can include comments (remarks) about entries in any named IP access list using the
remark
access-list configuration command. The remarks make the access list easier for the network
administrator to understand and scan. Each remark line is limited to 100 characters.
The remark can go before or after a
permit
or
deny
statement. You should be consistent about where
you put the remark so it is clear which remark describes which
permit
or
deny
statement. For example,
it would be confusing to have some remarks
before
the associated
permit
or
deny
statements and some
remarks
after
the associated statements. The standard and extended access list task tables in the
“Creating Standard and Extended Access Lists Using Numbers” section on page 6-46
and
“Creating
Standard and Extended Access Lists Using Names” section on page 6-50
include the
remark
command.
See the
“Commented IP Access List Entry Examples” section on page 6-63
for examples of commented
IP access list entries.
Remember to apply the access list to an interface or terminal line after the access list is created. See the
following section “
Applying Access Lists
” for more information.
Applying Access Lists
After creating an access list, you must reference the access list to make it work. To use an access list,
perform the tasks described in the following sections. The tasks in the first section are required; the tasks
in the remaining sections are optional:
•
Controlling Access to a Line or Interface
(Required)
•
Controlling Policy Routing and the Filtering of Routing Information
(Optional)
•
Controlling Dialer Functions
(Optional)
Summary of Contents for MWR 1941-DC - 1941 Mobile Wireless Router
Page 49: ...P A R T 1 Implementing the MWR 1941 DC Router in an IP RAN ...
Page 50: ......
Page 107: ...P A R T 2 Implementing the MWR 1941 DC Router in a Cell Site DCN ...
Page 108: ......