myst Posted October 7, 2014 (edited)

I can't quite figure this out at first glance. IOS has these wonderful constructs, like:

object-group network ADM
 10.0.30.0 255.255.254.0
!
object-group network ADM_SRV
 10.0.3.0 255.255.255.0
 10.10.32.0 255.255.255.0
!
object-group network DMZ
 group-object ADM
 group-object ADM_SRV
object-group network LocalNet
 10.0.0.0 255.0.0.0
 192.168.0.0 255.255.0.0
!
object-group network Local
 group-object LocalNet
ip access-list extended DMZ_IN
 permit ip any object-group DMZ
 deny ip object-group Local object-group Local
 permit ip any any
ip access-list extended DMZ_OUT
 permit ip object-group DMZ any
 deny ip object-group Local object-group Local
 permit ip any any

Which is convenient, clear, and concise. But how is it done on the ASR?

Rou(config)#object-group ?
  security  Security object group
Rou(config)#object-group security DMZ
Rou(config-security-group)#gr
Rou(config-security-group)#group-object ?
  WORD  Nested object group name
Rou(config-security-group)#group-object ADM
Object group ADM is not configured
Rou(config-security-group)#?
Security object group configuration commands:
  description     User object group description
  exit            Exit from User policy-group configuration mode
  group-object    Nested object group
  no              Negate or set default values of a command
  security-group  Security Group Tag

And that's all, really.

asr1001-universalk9.03.11.00.S.154-1.S-stdn
License Level: advipservices

Although http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/sec-data-zbf-xe-book/sec-zbf-ogacl.html (Security Configuration Guide: Zone-Based Policy Firewall, Cisco IOS XE Release 3S) says it is there.

Actually, CFN says .3.12 .3.13, but how usable is it there, and are those branches themselves stable? That is the question...

Edited October 7, 2014 by myst