User's Manual

Chapter 7 Network Security
JadeOS is always deployed at the gateway, where a large amount of traffic passes through it. The network
environment of the equipment is complex and exposed to network security threats. This
chapter describes JadeOS network security features and how to configure them.
7.1 Access Control List (ACL)
An Access Control List (ACL) defines which network access is allowed. An ACL is a combination of
rules; each rule specifies one match condition and one operation. The match condition is
based on IP address or port number; the operation is ‘permit’ or ‘deny’. An ACL
matches its rules in sequence, and the first matching rule decides the result.
JadeOS has an implicit ‘deny’ rule at the end of each ACL, so if you want to allow one type of
traffic through, you must add the corresponding rule with the operation ‘permit’.
Through ACLs, users’ traffic can be controlled precisely, which helps ensure network security.
7.1.1 Standard ACL
A standard ACL rule specifies the operation as ‘deny’ or ‘permit’; its match condition can be
any, a single IP address, or a network segment.
Step 1 Create a standard ACL named test-standard
(JadeOS) (config)#ip access-list standard test-standard
Step 2 Deny all the traffic in network segment 192.168.1.0/255.255.255.0
(JadeOS) (config-std-test-standard)#deny 192.168.1.0 255.255.255.0
Step 3 Allow all the traffic in network segment 192.168.0.0/255.255.0.0
(JadeOS) (config-std-test-standard)#permit 192.168.0.0 255.255.0.0
Step 4 Deny all the other traffic.
(JadeOS) (config-std-test-standard)#deny any
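The four steps above build the ACL test-standard. The following is an added example, not part of the JadeOS manual or its software: a small Python evaluator that reads rule lines in the same form as the commands above (operation, then an address and mask or the keyword any), walks them in sequence, applies the first match, and falls back to the implicit ‘deny’ when nothing matches. The parsing and evaluation functions are this example's own; the mask notation follows the manual's commands. It also includes a check for rules that can never match because an earlier rule already covers their whole network, which is why the order of steps 2 and 3 matters.

```python
"""Sequential first-match ACL evaluation with an implicit final deny.

Added example, not part of the JadeOS manual. The rule lines are constructed
from the manual's steps 1-4; the evaluator itself is illustrative.
"""
import ipaddress

# Rule lines as entered in the config-std-test-standard context (constructed from the manual's steps).
TEST_STANDARD_RULES = [
    "deny 192.168.1.0 255.255.255.0",
    "permit 192.168.0.0 255.255.0.0",
    "deny any",
]


def parse_standard_rule(line):
    """Parse 'permit|deny any' or 'permit|deny <address> <mask>' into (action, network)."""
    parts = line.split()
    action = parts[0]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown operation in rule: {line!r}")
    if len(parts) == 2 and parts[1] == "any":
        return action, ipaddress.ip_network("0.0.0.0/0")
    if len(parts) != 3:
        raise ValueError(f"expected '<op> <address> <mask>' or '<op> any': {line!r}")
    address, mask = parts[1], parts[2]
    # The manual writes a subnet mask (255.255.255.0); ipaddress accepts it after the slash.
    network = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    return action, network


def evaluate_acl(rules, source_ip):
    """Return (action, 1-based index of the matching rule) for a source address.

    Rules are tested in order; the first match wins. If no rule matches, the
    implicit deny applies and the index is None.
    """
    ip = ipaddress.ip_address(source_ip)
    for index, line in enumerate(rules, start=1):
        action, network = parse_standard_rule(line)
        if ip in network:
            return action, index
    return "deny", None  # implicit rule at the end of every ACL


def shadowed_rules(rules):
    """Return 1-based indices of rules that can never match.

    A rule is shadowed when an earlier rule's network fully contains its network:
    every packet it would match has already been decided by the earlier rule.
    """
    parsed = [parse_standard_rule(line) for line in rules]
    shadowed = []
    for i, (_, network) in enumerate(parsed):
        if any(network.subnet_of(earlier) for _, earlier in parsed[:i]):
            shadowed.append(i + 1)
    return shadowed


if __name__ == "__main__":
    for src in ("192.168.1.10", "192.168.2.10", "10.0.0.1"):
        action, index = evaluate_acl(TEST_STANDARD_RULES, src)
        where = f"rule {index}" if index else "implicit deny"
        print(f"{src:15} -> {action:6} ({where})")
    # Swapping steps 2 and 3 puts the broad permit first, so the /24 deny never matches.
    swapped = [TEST_STANDARD_RULES[1], TEST_STANDARD_RULES[0], TEST_STANDARD_RULES[2]]
    print("192.168.1.10 with permit first ->", evaluate_acl(swapped, "192.168.1.10")[0])
    print("shadowed rules in swapped order ->", shadowed_rules(swapped))
```

Running the block shows 192.168.1.10 denied by rule 1, 192.168.2.10 permitted by rule 2, and 10.0.0.1 denied by rule 3; with the first two rules swapped the host in 192.168.1.0/24 is permitted and rule 2 is reported as shadowed.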
7.1.2 Extended ACL
An extended ACL rule specifies the operation as ‘deny’ or ‘permit’; its match condition can
specify the protocol (any, tcp, udp, icmp, igmp), the source IP address or network
segment, the destination IP address or network segment, and a range of port numbers.
Step 1 Create an extended ACL named test-extended
(JadeOS) (config)#ip access-list extended test-extended