New Contributor II

NV1234 Simple ACL


So I've been reading about IP ACLs in AOS, but I'm starting to believe that although the NV1234 will let you configure ACLs, it wouldn't apply them because there isn't a Firewall feature on that model.

ip access-list standard NAME
  permit host x.x.x.x log
  permit host y.y.y.y log
  deny   any log

Trying to set up a simple ACL: accept all traffic from our office and monitoring service, block everything else.

WLR-NV1234-210#sh ver
ADTRAN, Inc. OS version 18.01.04.00
  Mainline Version: M04
  Checksum: 39AF96BF
  Built on: Mon Oct 10 16:11:16 2011
  Upgrade key: 0c1273b192c938f2255037941efea82c
Boot ROM version 17.03.02.SB
  Checksum: D951
  Built on: Thu Oct 29 07:14:38 2009
Copyright (c) 1999-2011, ADTRAN, Inc.
Platform: NetVanta 1234, part number 1700594G1
Serial number LBADTN1116AC532
Flash: 8388608 bytes  DRAM: 67108863 bytes
WLR-NV1234-210 uptime is 2 weeks, 5 days, 10 hours, 15 minutes, 25 seconds
System returned to ROM by Other
Current system image file is "NV123XA-18-01-04-00.biz"
Boot system image file is "NV123XA-18-01-04-00.biz"
Primary system configuration file is "startup-config"


Accepted Solutions
New Contributor III

Re: NV1234 Simple ACL


I'm not familiar with that model... but generally a firewall operates on layer 3 and that is a layer 2 switch... so my guess is that it isn't possible.

New Contributor II

Re: NV1234 Simple ACL


Makes sense, guess I got somewhat excited when it allowed me to configure ACLs but only later let me down.

New Contributor III

Re: NV1234 Simple ACL


Actually, there are Hardware ACLs which allow that sort of thing but I think that model doesn't support it.  Maybe a product expert could chime in and let us know for sure.

Hardware ACLs:

Product Support Matrix doesn't say the 1234 supports it: AOS Feature Matrix - Product Feature Matrix

At least that's my logic...

Anonymous

Re: NV1234 Simple ACL


:

is correct on both accounts.  Typically, ACLs on layer two switches are used for Configuring Hardware ACLs in AOS, but the NetVanta 123x Series do not support Hardware ACLs. 


The reason you can configure ACLs on layer 2 switches without Hardware ACLs is for administrative access restrictions (i.e. ip access-class <acl name> in or http ip access-class <acl name> in) for management interfaces (Telnet, SSH, HTTP, HTTPS) and debugging purposes (i.e. debug ip packet <acl name> detail | dump).

Levi

New Contributor II

Re: NV1234 Simple ACL


YES!!!!   This works, DIME / LEVI thanks for the help

ip access-list standard MGMT
  permit host x.x.x.x log
  permit host y.y.y.y log
  permit host z.z.z.z log
  deny   any log
ip http access-class MGMT in
line telnet 0 4
  login
  no shutdown
  ip access-class MGMT in
line ssh 0 4
  login local-userlist
  no shutdown
  ip access-class MGMT in
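
Added example, not part of the thread and not ADTRAN code: a check over a saved configuration that reports any management service (line telnet, line ssh, ip http) left without an access-class, pointed at an ACL that is not defined, or pointed at one that permits any source. The sample config is constructed with documentation-range addresses, and the script assumes web management is enabled, so a missing ip http access-class is reported.

```python
import re

# Constructed sample in the syntax posted above; addresses are placeholders.
SAMPLE = """\
ip access-list standard MGMT
  permit host 192.0.2.10 log
  deny   any log
ip http access-class MGMT in
line telnet 0 4
  ip access-class MGMT in
line ssh 0 4
  login local-userlist
"""

def audit_mgmt_acl(config):
    """Return findings for management services lacking a usable source ACL."""
    acls = {}                      # ACL name -> list of tokenised entries
    applied = {"ip http": None}    # assumption: web management is enabled
    block = None                   # ACL name or "line ..." header being read
    for raw in filter(str.strip, config.splitlines()):
        text = " ".join(raw.split())          # collapse "deny   any" spacing
        if raw[0].isspace():                  # sub-command of current block
            m = re.fullmatch(r"ip access-class (\S+) in", text)
            if block in acls:
                acls[block].append(text.split())
            elif block and m:
                applied[block] = m[1]
            continue
        block = None
        if m := re.fullmatch(r"ip access-list standard (\S+)", text):
            block = m[1]
            acls[block] = []
        elif re.fullmatch(r"line (?:telnet|ssh) .*", text):
            block = text
            applied[block] = None
        elif m := re.fullmatch(r"ip http access-class (\S+) in", text):
            applied["ip http"] = m[1]
    findings = []
    for service, name in applied.items():
        if name is None:
            findings.append(f"{service}: no access-class applied")
        elif name not in acls:
            findings.append(f"{service}: access-class {name} is not defined")
        elif any(e[:2] == ["permit", "any"] for e in acls[name]):
            findings.append(f"{service}: {name} permits any source")
    return findings

if __name__ == "__main__":
    print(audit_mgmt_acl(SAMPLE))
```

On the constructed sample the only finding is the SSH line block, which has a login method but no access-class.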