Rule: Integrated Access Control

You are free to organize rules as you see fit. The following example combines the access-related rules from above into a single rule:

Description: Ensures that only authorized individuals and hosts can access our network devices.

[Config File Must Contain]
access-list 10 permit 10.76.4.[0-9]+
access-list 10 permit 10.48.3.[0-9]+
access-list 11 permit 10.76.15.45
access-list 101 permit ip 10.98.34.0.* any
snmp-server community r3adc5 RO 10
snmp-server community wr1t3c5 RW 11
banner motd ^C
ALL UNAUTHORIZED ACCESS TO THIS SYSTEM WILL BE
PROSECUTED TO THE MAXIMUM EXTENT ALLOWED BY
U.S. FEDERAL AND MARYLAND STATE LAW.
^C

[Config File May Not Contain]
access-list.*
snmp-server community.*
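The following is an added example, not code from the product or its documentation, that evaluates the access-list and snmp-server lines of the rule above against two constructed configurations (the banner lines are omitted). It assumes each rule line is a regular expression matched against a whole configuration line, and that lines already required by [Config File Must Contain] are exempt from [Config File May Not Contain]; the `evaluate` function and both sample configurations are hypothetical.

```python
import re

# Subset of the rule above (banner omitted); each line is treated as a regex.
MUST_CONTAIN = [
    r"access-list 10 permit 10.76.4.[0-9]+",
    r"access-list 10 permit 10.48.3.[0-9]+",
    r"access-list 11 permit 10.76.15.45",
    r"access-list 101 permit ip 10.98.34.0.* any",
    r"snmp-server community r3adc5 RO 10",
    r"snmp-server community wr1t3c5 RW 11",
]
MAY_NOT_CONTAIN = [r"access-list.*", r"snmp-server community.*"]

def evaluate(config_text):
    """Return (missing, forbidden) under the ASSUMED semantics:
    every must-contain pattern has to match a whole config line, and a
    line matching a may-not pattern is a violation unless a must-contain
    pattern already accounts for it."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    must = [re.compile(p) for p in MUST_CONTAIN]
    deny = [re.compile(p) for p in MAY_NOT_CONTAIN]
    missing = [m.pattern for m in must
               if not any(m.fullmatch(ln) for ln in lines)]
    forbidden = [ln for ln in lines
                 if any(d.fullmatch(ln) for d in deny)
                 and not any(m.fullmatch(ln) for m in must)]
    return missing, forbidden

# Constructed sample configurations (not taken from a real device).
COMPLIANT = """
hostname edge-rtr-01
access-list 10 permit 10.76.4.12
access-list 10 permit 10.48.3.7
access-list 11 permit 10.76.15.45
access-list 101 permit ip 10.98.34.0 0.0.0.255 any
snmp-server community r3adc5 RO 10
snmp-server community wr1t3c5 RW 11
"""
# Drift: one required ACL line removed, an unapproved community and ACL added.
DRIFTED = COMPLIANT.replace("access-list 11 permit 10.76.15.45\n", "") + \
    "snmp-server community public RO\naccess-list 10 permit any\n"

if __name__ == "__main__":
    for name, cfg in (("compliant", COMPLIANT), ("drifted", DRIFTED)):
        missing, forbidden = evaluate(cfg)
        status = "PASS" if not (missing or forbidden) else "FAIL"
        print(name, status, "missing:", missing, "forbidden:", forbidden)
```

The two sections work as an allow-list: the catch-all patterns flag any access-list or SNMP community line that the required lines do not account for.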

Some variables, specifically the $Model and $IPAddress values, cannot be used for building Rules with device attributes:

$Model in ["cat4506", "3725"]

$IPAddress in [10.1.3.56, 10.2.0.0/16]

For Rules in the Policy Design Center, simply use a comma-separated format.