Creating ACL (access control list)

(Read 3276 times)

duckhead

Member
★★
Offline

Posts: 30

Apr 23^rd, 2008 at 4:36am

I ran a search for creating ACL's on the iDirect modem but came up with nothing. �If I missed it please someone post a link.

This is a pretty simple and basic question (at least I believe it is). �Creating a MAC ACL on iDirect... How do I do it? Can it be done? or is the only possible way to do it is with static IP's?

Any help would be appreciated. �Thanks!

EDIT: I understand it would be pretty simple with a cisco router inline but I'd like to try and do it straight from the iDirect modem... �Thanks again

« Last Edit: Apr 23^rd, 2008 at 8:57am by duckhead »

IP Logged

Ex Member Ex Member	Reply #1 - Apr 23^rd, 2008 at 11:57am I have never done it, and to be honest I am not sure it can be done. I will nose around and see what I can find out.
Back to top	IP Logged

duckhead Member ★★ Offline Posts: 30	Reply #2 - Apr 23^rd, 2008 at 12:43pm I was hoping you weren't gonna say that:) Haha... I searched a bit and came up with nothing. The closest thing to anything remotely promising was this link here. https://arcusnet.com/UserFiles/Image/Files/Efficiencies_of_iDirect_Technology.pd f It just briefly touches base on it. Hope to hear good news and thanks for the help Mike...
Back to top	IP Logged

Scout

Senior Member
★★★
Offline

Posts: 86

Reply #3 - Apr 24^th, 2008 at 12:12pm

ACL's on the idirect platform have to be configured in the filter setup. this is done in iBuilder from the hub location under the QoS folder. you can filter out just about anything you like, from protocols, to ports to IP addresses or ranges of all the above, you can create multiple rules per filter and apply this to the remote.
It's not a strictly Cisco implementation of ACL, top down and last matching rule is Deny all type affair, but it can be configured to give a pretty good ACL.

IP Logged

duckhead

Member
★★
Offline

Posts: 30

Reply #4 - Apr 25^th, 2008 at 10:05am

Thanks Scout!

Now you said pretty much anything... I'm assuming this includes MAC's.

I havn't had the privy of using iBuilder so I'm not to familiar with it... I'll try to talk to the NOC about this...

Great info!!!

I can't alter this in the option file? �The NOC has to have this in there configs?

EDIT: I had the NOC send me a screenshot of the QoS folder from iBuilder. It looks pretty basic...(filter DNS, filter FTP, filter SSH, filter Mail) unless you have more options when you click the details button.

« Last Edit: Apr 25^th, 2008 at 3:44pm by duckhead »

IP Logged

Ex Member Ex Member	Reply #5 - Apr 26^th, 2008 at 12:58pm Scout is right. �It didnt even cross my mind that you can use the filter rules. �I dont use them, therefore I didnt even think about it. �
Back to top	IP Logged

Scout

Senior Member
★★★
Offline

Posts: 86

Reply #6 - Apr 29^th, 2008 at 4:39pm

You can filter on Source IP, Destination IP, Source and Destination Ports(IP and Ports can be hosts or ranges, and can be equal to or not equal to), VLAN ranges, Protocol(of which there are around 130 listed in the standard configuration box), DSCP, TOS and Precedence. all of these can be Allow or deny statements, and you can have any mixture of the above, as individual rules in an ACL, or combined to make very specific rules and then combined with more in the ACL. idirect really have got a gem hidden here that not many people use as it is typically done at the hub with a Cisco and ACL there.

you do have to have this configured by the hub team, but then if you tell them what you need to have blockedallowed I am sure they can assist.

IP Logged

Pages: 1

Send Topic | Print

Disclaimer, Terms of Use and Privacy Forum User Agreement Forum rules Cookie policy.