Apply on all routers.
The customer's public prefixes must be added to the IPv4 pools for the REDE_GERAL and REDE_PUBLICA ACLs.
sys
acl ip-pool REDE_GERAL
!PRIVATE PREFIXES
ip address 10.0.0.0 0.255.255.255
ip address 100.64.0.0 0.63.255.255
ip address 172.16.0.0 0.15.255.255
ip address 192.168.0.0 0.0.255.255
!CUSTOMER PUBLIC PREFIXES
!ip address 99.70.0.0 22
commit
#
acl name BYPASS_REDE_GERAL advance
rule permit ip source-pool REDE_GERAL destination-pool REDE_GERAL
commit
#
traffic classifier BYPASS_REDE_GERAL operator or
if-match acl name BYPASS_REDE_GERAL
#
acl ip-pool REDE_PRIVADA
!PRIVATE PREFIXES
ip address 10.0.0.0 0.255.255.255
ip address 100.64.0.0 0.63.255.255
ip address 172.16.0.0 0.15.255.255
ip address 192.168.0.0 0.0.255.255
commit
#
acl ip-pool REDE_PUBLICA
!CUSTOMER PUBLIC PREFIXES
!ip address 99.70.0.0 22
commit
#
acl ip-pool SMART_LAYER
ip address 45.70.144.0 22
ip address 10.150.0.0 16
commit
#
The addresses that will access the equipment via SSH must be added to the IPv4 pool for the ACESSO_SSH ACL.
sys
acl ip-pool ACESSO_SSH
ip address 192.168.0.0 24
ip address 45.70.144.0 22
ip address 45.163.105.255 32
ip address 10.0.0.0 8
commit
#
acl name ACESSO_SSH advance
rule permit ip source-pool ACESSO_SSH
commit
#
ssh server acl ACESSO_SSH
commit
#
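An offline check of the pools above, as an added example that is not part of the original procedure: it parses the `acl ip-pool` blocks, normalizes both mask notations used on this page, and reports whether a source address would match a pool and how many addresses the pool admits. The function names are hypothetical, and reading a dotted second field as a wildcard mask is an assumption based on the entries under the private-prefix comments.

```python
import ipaddress
import re

# Pool definitions copied from this page; '!' lines are the page's comments.
CONFIG = """\
acl ip-pool REDE_PRIVADA
!PRIVATE PREFIXES
ip address 10.0.0.0 0.255.255.255
ip address 100.64.0.0 0.63.255.255
ip address 172.16.0.0 0.15.255.255
ip address 192.168.0.0 0.0.255.255
commit
#
acl ip-pool ACESSO_SSH
ip address 192.168.0.0 24
ip address 45.70.144.0 22
ip address 45.163.105.255 32
ip address 10.0.0.0 8
commit
#
"""

def to_network(addr, mask):
    """Mask is a prefix length ('22') or, by assumption, a wildcard ('0.0.3.255')."""
    if "." in mask:
        netmask = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
        prefix = bin(netmask).count("1")
        if netmask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
            raise ValueError(f"non-contiguous wildcard: {mask}")
        mask = str(prefix)
    # strict=True raises ValueError when the address has host bits set
    return ipaddress.ip_network(f"{addr}/{mask}", strict=True)

def parse_pools(text):
    pools, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"acl ip-pool (\S+)", line):
            current = pools.setdefault(m.group(1), [])
        elif line == "#":
            current = None
        elif current is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            current.append(to_network(*m.groups()))
    return pools

def permitted(pools, pool, source):
    return any(ipaddress.ip_address(source) in net for net in pools[pool])

def pool_size(pools, pool):
    # Overlapping entries are merged before counting.
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(pools[pool]))
```

Running `pool_size` on a management pool before committing it shows how much address space an entry such as `10.0.0.0 8` opens to SSH.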
The addresses that will query the equipment via SNMP must be added to the IPv4 pool for the ACESSO_SNMP ACL.
sys
acl ip-pool ACESSO_SNMP
ip address 10.0.0.0 8
ip address 172.16.0.0 12
ip address 100.64.0.0 10
ip address 192.168.0.0 16
!CUSTOMER PUBLIC PREFIXES
!ip address 99.70.0.0 22
commit
#
acl name ACESSO_SNMP advance
rule permit ip source-pool ACESSO_SNMP
commit
#
snmp-agent acl ACESSO_SNMP
commit
#
sys
traffic behavior ENABLE
commit
#
sys
traffic policy OUTBOUND
share-mode
statistics enable
commit
#
traffic-policy OUTBOUND outbound global-acl
y
commit
#
sys
traffic policy INBOUND
share-mode
statistics enable
commit
#
traffic-policy INBOUND inbound global-acl
classifier BYPASS_REDE_GERAL behavior ENABLE precedence 1
y
commit
#