4-15
Cisco Service Control Engine 1000 2xGBE Quick Start Guide
OL-7822-06
Chapter 4 Connect the Management Interfaces and Perform Initial System Configuration
Perform the Initial System Configuration
Step 6
If you entered a specific IP address, enter the wildcard bits to define a range of IP addresses and press
Enter . (See
Entry Formats, page 4-13
.)
To define an individual IP address, type 0.0.0.0 and press Enter .
There is no default for this parameter.
Enter wildcard bits:
Step 7
The maximum number of entries in an ACL is 20.
If the “any” option was used, no other IP addresses may be added to the list.
•
To add more entries, type
y
and press
•
Enter
Would you like to add another entry to this list? [no]:y
•
Enter up to 20 entries as described in step 5 and step 6.
•
When all entries have been added, press
•
Enter
Would you like to add another entry to this list? [no]:
Step 8
When all entries are added to one list, you are asked whether you would like to create another ACL. You
may define up to 99 ACLs.
•
To create another ACL, type
y
and press
•
Enter
Would you like to configure another list? [no]: y
•
Enter up to 20 IP addresses in this new ACL, as described in step 5 and step 6.
•
When all ACLs have been created, press press Enter.
Would you like to configure another list? [no]:
•
You are now prompted to assign the desired ACLs to restrict IP and Telnet access.
Step 9
Restrict IP access to the SCE 1000 by assigning the appropriate ACL.
Type the number of the ACL to be assigned to IP access and press press Enter.
To accept the default ACL, press press Enter.
Enter IP access-class [0]:
Step 10
Restrict Telnet access to the SCE 1000 by assigning the appropriate ACL.
Type the number of the ACL to be assigned to the Telnet interface and press
Enter
.
To accept the default ACL, press
Enter
.
Enter Telnet access-class [0]: 2
Examples
EXAMPLE 1:
This example illustrates a common access control scenario. Let us assume the following:
•
We want to permit every station to access the SCE platform on the management port (for example
ping, SNMP polling etc.).
•
We want to restrict Telnet access to only a few permitted stations.
We therefore need to create two access control lists:
•
For general IP access — permit access to all IP addresses.