So I've been reading IP ACLs in AOS, but I'm starting to believe although the NV1234 will let you configure ACLs it would apply them because there isn't a Firewall feature on that model.
ip access-list standard NAME
  permit host x.x.x.x log
  permit host y.y.y.y log
  deny any log
Trying to set up a simple ACL: accept all traffic from our office and monitoring service, block everything else.
WLR-NV1234-210#sh ver
ADTRAN, Inc. OS version 18.01.04.00
Mainline Version: M04
Checksum: 39AF96BF
Built on: Mon Oct 10 16:11:16 2011
Upgrade key: 0c1273b192c938f2255037941efea82c
Boot ROM version 17.03.02.SB
Checksum: D951
Built on: Thu Oct 29 07:14:38 2009
Copyright (c) 1999-2011, ADTRAN, Inc.
Platform: NetVanta 1234, part number 1700594G1
Serial number LBADTN1116AC532
Flash: 8388608 bytes DRAM: 67108863 bytes
WLR-NV1234-210 uptime is 2 weeks, 5 days, 10 hours, 15 minutes, 25 seconds
System returned to ROM by Other
Current system image file is "NV123XA-18-01-04-00.biz"
Boot system image file is "NV123XA-18-01-04-00.biz"
Primary system configuration file is "startup-config"
I'm not familiar with that model... but generally a firewall operates on layer 3 and that is a layer 2 switch... so my guess is that it isn't possible.
Makes sense, guess I got somewhat excited when it allowed me to configure ACLs but only later let me down.
Actually, there are Hardware ACLs which allow that sort of thing but I think that model doesn't support it. Maybe a product expert could chime in and let us know for sure.
Product Support Matrix doesn't say the 1234 supports it: AOS Feature Matrix - Product Feature Matrix
At least that's my logic...
is correct on both accounts. Typically, ACLs on layer two switches are used for Configuring Hardware ACLs in AOS, but the NetVanta 123x Series do not support Hardware ACLs.
The reason you can configure ACLs on layer 2 switches without Hardware ACLs is for administrative access restrictions (i.e. ip access-class <acl name> in or http ip access-class <acl name> in) for management interfaces (Telnet, SSH, HTTP, HTTPS) and debugging purposes (i.e. debug ip packet <acl name> detail | dump).
Levi
YES!!!! This works, DIME / LEVI thanks for the help
ip access-list standard MGMT
  permit host x.x.x.x log
  permit host y.y.y.y log
  permit host z.z.z.z log
  deny any log
ip http access-class MGMT in
line telnet 0 4
  login
  no shutdown
  ip access-class MGMT in
line ssh 0 4
  login local-userlist
  no shutdown
  ip access-class MGMT in
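
Added example, not part of any post above and not ADTRAN code: a Python check that a saved config keeps an access-class on every management service, which is the only place these ACLs take effect on this switch. The sample config is constructed on the model of the last post; the service list, the function names and the handling of only `host` and `any` entries are this example's assumptions.

```python
# Constructed sample modelled on the config in the last post. Addresses are
# documentation-range placeholders; the telnet block lacks its access-class on purpose.
SAMPLE = """\
ip access-list standard MGMT
permit host 192.0.2.10 log
permit host 198.51.100.7 log
deny any log
ip http access-class MGMT in
line telnet 0 4
login
no shutdown
line ssh 0 4
login local-userlist
no shutdown
ip access-class MGMT in
"""

def parse(config):
    """Return (acls, bindings): ACL name -> [(action, source)], service -> ACL name."""
    acls, bindings, acl, svc = {}, {}, None, None
    for w in (line.split() for line in config.splitlines()):
        if w[:3] == ["ip", "access-list", "standard"] and len(w) == 4:
            acl, svc = w[3], None
            acls[acl] = []
        elif w[:1] == ["line"] and len(w) > 1:
            acl, svc = None, w[1]
        elif w[:1] in (["permit"], ["deny"]) and acl and (
                w[1:2] == ["any"] or (w[1:2] == ["host"] and len(w) > 2)):
            # Only the two entry forms used in this thread: "host <addr>" and "any".
            acls[acl].append((w[0], "any" if w[1] == "any" else w[2]))
        elif w[:3] == ["ip", "http", "access-class"] and len(w) > 3:
            bindings["http"] = w[3]
        elif w[:2] == ["ip", "access-class"] and svc and len(w) > 2:
            bindings[svc] = w[2]
    return acls, bindings

def audit(config, services=("http", "telnet", "ssh")):
    """List management services whose access-class is missing, undefined or open."""
    acls, bindings = parse(config)
    findings = []
    for svc in services:
        name = bindings.get(svc)
        if name is None:
            findings.append(f"{svc}: no access-class bound")
        elif name not in acls:
            findings.append(f"{svc}: access-class {name} is not defined")
        elif ("permit", "any") in acls[name]:
            findings.append(f"{svc}: {name} permits any source")
    return findings
```

Running `audit(SAMPLE)` reports the telnet lines as unrestricted; the check does not look at whether a service is shut down, so a disabled line is still listed.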