Network Enhancers - "Delivering Beyond Boundaries"

Wednesday, February 9, 2011

Converting ACL from Cisco IOS to JUNOS


This article shows you how to convert an ACL configuration from Cisco IOS to JUNOS.

Cisco's IOS:

access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq ftp
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq ftp-data
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq telnet
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq ssh
access-list 101 permit tcp 128.29.31.0 0.0.0.255 any eq ftp
access-list 101 permit tcp 128.29.31.0 0.0.0.255 any eq ftp-data
access-list 101 permit tcp 128.29.31.0 0.0.0.255 any eq telnet
access-list 101 permit tcp 128.29.31.0 0.0.0.255 any eq ssh
access-list 101 permit tcp 207.46.150.0 0.0.0.255 any eq ftp
access-list 101 permit tcp 207.46.150.0 0.0.0.255 any eq ftp-data
access-list 101 permit tcp 207.46.150.0 0.0.0.255 any eq telnet
access-list 101 permit tcp 207.46.150.0 0.0.0.255 any eq ssh
access-list 101 permit tcp 206.132.25.0 0.0.0.255 any eq ftp
access-list 101 permit tcp 206.132.25.0 0.0.0.255 any eq ftp-data
access-list 101 permit tcp 206.132.25.0 0.0.0.255 any eq telnet
access-list 101 permit tcp 206.132.25.0 0.0.0.255 any eq ssh
access-list 101 permit tcp 208.48.26.0 0.0.0.255 any eq ftp
access-list 101 permit tcp 208.48.26.0 0.0.0.255 any eq ftp-data
access-list 101 permit tcp 208.48.26.0 0.0.0.255 any eq telnet
access-list 101 permit tcp 208.48.26.0 0.0.0.255 any eq ssh
access-list 101 permit tcp 207.159.55.0 0.0.0.255 any eq ftp
access-list 101 permit tcp 207.159.55.0 0.0.0.255 any eq ftp-data
access-list 101 permit tcp 207.159.55.0 0.0.0.255 any eq telnet
access-list 101 permit tcp 207.159.55.0 0.0.0.255 any eq ssh
access-list 101 permit tcp 167.216.192.0 0.0.0.255 any eq ftp
access-list 101 permit tcp 167.216.192.0 0.0.0.255 any eq ftp-data
access-list 101 permit tcp 167.216.192.0 0.0.0.255 any eq telnet
access-list 101 permit tcp 167.216.192.0 0.0.0.255 any eq ssh
access-list 101 deny ip any any log


Juniper's JUNOS:

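filter trusted-prefixes {
    term controlled-access {
        from {
            /* source-address, not address: the IOS ACL matches these prefixes as source only */
            source-address {
                192.168.1.0/24;
                128.29.31.0/24;
                207.46.150.0/24;
                206.132.25.0/24;
                208.48.26.0/24;
                207.159.55.0/24;
                167.216.192.0/24;
            }
            protocol tcp;
            /* destination-port, not port: "eq" in the IOS ACL applies to the destination port */
            destination-port [ ftp ftp-data telnet ssh ];
        }
        then accept;
    }
    term access-denied {
        then {
            log;
            reject;
        }
    }
}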
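
The conversion above can be done mechanically. The following Python converter is an added example, not code from the original post. It goes beyond the page's case by merging source prefixes into one term only when their port lists are identical, so the JUNOS filter never permits more than the IOS ACL did, and it emits source-address and destination-port to keep the IOS match direction. The function names, the permit-N term names, the converted-filter name and the 198.51.100.0 sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the page's IOS syntax; the 198.51.100.0 line is made up for the demo.
SAMPLE_ACL = """\
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq ftp
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq ssh
access-list 101 permit tcp 128.29.31.0 0.0.0.255 any eq ftp
access-list 101 permit tcp 128.29.31.0 0.0.0.255 any eq ssh
access-list 101 permit tcp 198.51.100.0 0.0.0.255 any eq ssh
access-list 101 deny ip any any log
"""
# Only the port names the page uses on both platforms (or numbers) are accepted.
PERMIT = re.compile(r"access-list \d+ permit (tcp|udp) (\S+) (\S+) any eq (ftp-data|ftp|telnet|ssh|\d+)$")
DENY_ALL = re.compile(r"access-list \d+ deny ip any any( log)?$")

def wildcard_to_prefix(addr, wildcard):
    """'192.168.1.0', '0.0.0.255' -> '192.168.1.0/24'; non-contiguous masks are refused."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # a prefix needs the wildcard bits to be one run of low-order 1s
        raise ValueError(f"wildcard {wildcard} cannot be written as a prefix")
    net = int(ipaddress.IPv4Address(addr)) & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Network((net, 32 - w.bit_length())))

def convert(acl_text, name="converted-filter"):
    """Return JUNOS filter text for an ACL of permit lines ending in a deny-all."""
    ports_by_src, deny_log = {}, None
    for line in filter(None, (l.strip() for l in acl_text.splitlines())):
        if deny_log is not None:
            raise ValueError(f"line after the final deny is unreachable: {line}")
        if m := PERMIT.match(line):
            proto, addr, wc, port = m.groups()
            ports_by_src.setdefault((proto, wildcard_to_prefix(addr, wc)), set()).add(port)
        elif m := DENY_ALL.match(line):
            deny_log = bool(m.group(1))
        else:
            raise ValueError(f"unsupported ACL line: {line}")
    terms = {}  # (proto, sorted ports) -> prefixes, so merging never widens access
    for (proto, pfx), ports in ports_by_src.items():
        terms.setdefault((proto, tuple(sorted(ports))), []).append(pfx)
    out = [f"filter {name} {{"]
    for n, ((proto, ports), pfxs) in enumerate(terms.items(), 1):
        out += [f"  term permit-{n} {{", "    from {", "      source-address {"]
        out += [f"        {p};" for p in pfxs]
        out += ["      }", f"      protocol {proto};",
                f"      destination-port [ {' '.join(ports)} ];", "    }", "    then accept;", "  }"]
    if deny_log is not None:
        out += ["  term access-denied {", "    then {"] + ["      log;"] * deny_log
        out += ["      reject;", "    }", "  }"]
    return "\n".join(out + ["}"])
```

Calling convert(SAMPLE_ACL) yields two permit terms: the 198.51.100.0/24 source is allowed ssh only, so it is kept out of the term that also allows ftp.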