Basic Access-Lists

From IPFlow Netflow Collector

In this section, we will see how to set up a basic access-list.

Please consider the following configuration: 

router Cisco_837 {
    ip-address 192.168.155.1;
    snmp-community netflow;

    netflow {
        version 5;
        receiver-port 20000;
    };

    /* All flows are analyzed with the "r1" rule */
    rule r1;
};

/* Select non-TCP trafic with source addresses in 192.168.155.0/24 subnet */
access-list acl_example {
    term "exclude_tcp" {
        action deny;
        protocol tcp;
    };

    term "source_192.168.155.0/24" {
        action permit;
        src-addr 192.168.155.0;
        src-mask 255.255.255.0;
    };
};

rule r1 {
    term 1 {
        access-list acl_example;
        color white;
    };
};


In this example, we want to display non-tcp flows from the 192.168.155.0/24 subnet.

Output example: 

$ ipflow collector config-acl1.txt 
IPFlow Collector - Release 0.49.8.2 22-Apr-05 (CURRENT)
Compiled at Apr 25 2005 16:51:35 by Christophe Fillot (cf@utc.fr)

Initializing IPv4 and IPv6 MLS caches.
IPv4 MLS: level-4, IPv6 MLS: level-16
Hostname: alpha
Default IPv4 address: 192.168.155.6.
Default IPv6 address: undefined.
Creating site matrix for traffic classifier.
8 sites, 2 networks found in configuration.
Retrieving Cisco_837 interface list by SNMP...
Router Cisco_837 supervised (18 interfaces detected).
ctlqueue_init: ftok: No such file or directory
IPFlow is using 44 Kb of memory in 476 blocks.
MLS: memory allocated by IPv4 cache: 2 Kb (2 blocks), by IPv6 cache: 2 Kb (2 blocks).
Enabling Netflow export on 1 router(s).
Netflow v5 enabled for router Cisco_837. Port=20000
Thread Cisco_837: socket buffer size: 262144 bytes (system default: 131072 bytes)
IPFlow is now up and running.
Cisco_837    2005-04-25 16:49:39.410 | 192.168.155.2   | 192.168.155.1   | icmp     0   771 | P:     3 | S:     576 | T:  26024 | Ethernet0              -> *local*
Cisco_837    2005-04-25 16:50:27.932 | 192.168.155.6   | 62.4.16.70      | udp   1025    53 | P:     1 | S:      51 | T:      0 | Ethernet0              -> *local*
Cisco_837    2005-04-25 16:50:27.992 | 192.168.155.6   | 192.168.155.1   | udp   1025   161 | P:   127 | S:    9397 | T:    940 | Ethernet0              -> *local*
Cisco_837    2005-04-25 16:50:30.484 | 192.168.155.2   | 192.168.155.1   | icmp     0   771 | P:     1 | S:     128 | T:      0 | Ethernet0              -> *local*
Retrieved from "http://www.ipflow.utc.fr/index.php/Basic_Access-Lists"