Block all private addresses with an access control list

Created by Caroline Juszczak, last modified by Anthony.Rinaldi on Oct 03, 2016

Routers connected to the Internet are normally configured to discard any traffic using private IP addresses. This isolation gives your private network a basic form of security, as it is not usually possible for the outside world to establish a connection directly to one of your network devices using these addresses. The following procedure updates the access control list to block all private IP addresses on several devices at the same time.

Back up the running configuration

  1. Click My Dashboards > Configs > Configuration Management.
  2. Select one or more nodes.
  3. Click Download > Running.

Update the access control list for a group of nodes

  1. Click My Dashboards > Configs > Jobs.
  2. Click Create New Job.
  3. Name the job, and select Execute Command Script on Devices from Job Type.
  4. Select the Schedule Type. If you are creating an Advanced schedule, use the five fields to create an appropriate cron expression.
  5. Add a comment if this job relates to a business rule, and click Next.
  6. Select the nodes to target with this job, and click Next.
  7. Select an email notification option, and click Next. If you click Email Results, the default Email Notification Settings and SMTP Server Settings are populated. These settings can be overridden in each job.
  8. Add the script to execute.
    • If you want to load a saved script, click Load Saved Script, and select a script.
    • If you want to load an existing script from disk, click Load Script from File, browse to the file, and click Open.
    • If you want to create a new script, enter your script in the text box. For example:

      ${EnterConfigMode}
      access-list 102 deny ip 10.0.0.0 0.255.255.255 any log
      access-list 102 deny ip 172.16.0.0 0.15.255.255 any log
      access-list 102 deny ip 192.168.0.0 0.0.255.255 any log
      exit
      write memory

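      Where 102 is the number that identifies the ACL. ${EnterConfigMode} is a variable that is equivalent to config terminal on Cisco devices. On Cisco IOS these entries are appended to the end of ACL 102, so confirm that no earlier entry permits the same traffic and that the ACL is applied to the intended interface.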

  9. If you want to save a script, click Save Script, specify a location, and click Save.
  10. Select Filter Results that match a pattern if you want to see in the script output only those lines that match a specific regular expression pattern.
  11. Select Show Commands in Output to view what SolarWinds NCM sent to the targeted devices.
  12. Click Next.
  13. Review the settings for the job, and click Finish.

Verify success by comparing configs

  1. Click My Dashboards > Configs > Configuration Management.
  2. Select one or more nodes, and click Compare Node(s) Configs.
  3. Select a config from each list.
  4. Click Compare Selected. Changes are highlighted in red, green, and yellow.
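
A scripted check that complements the config comparison above, added here as an example (it is not SolarWinds code): it parses the text of a downloaded running config and reports any private range that is not fully covered by a deny entry in ACL 102. The function names and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Private (RFC 1918) ranges the ACL is expected to block.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Deny lines of the form used in the script: access-list N deny ip ADDR WILDCARD any
ACL_LINE = re.compile(
    r"^\s*access-list\s+(\d+)\s+deny\s+ip\s+(\S+)\s+(\S+)\s+any\b", re.M)

# Constructed sample: the 172.16 entry has a wildcard that covers only a /16.
SAMPLE_RUNNING_CONFIG = """\
hostname edge-rtr-01
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any log
access-list 102 deny   ip 172.16.0.0 0.0.255.255 any log
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any log
access-list 102 permit ip any any
"""


def wildcard_to_network(address, wildcard):
    """Convert an address/wildcard pair to an ip_network, or None if impossible."""
    try:
        wc = int(ipaddress.IPv4Address(wildcard))
        addr = int(ipaddress.IPv4Address(address))
    except ValueError:
        return None  # "host", "any", or a malformed field
    if wc & (wc + 1):
        return None  # non-contiguous wildcard has no single CIDR equivalent
    # Address bits covered by the wildcard are ignored when matching, so clear them.
    return ipaddress.ip_network((addr & ~wc & 0xFFFFFFFF, 32 - wc.bit_length()))


def missing_private_blocks(config_text, acl_id="102"):
    """Return the private ranges not fully covered by a deny entry in the ACL."""
    denied = []
    for number, address, wildcard in ACL_LINE.findall(config_text):
        net = wildcard_to_network(address, wildcard)
        if number == acl_id and net is not None:
            denied.append(net)
    return [str(p) for p in RFC1918
            if not any(p.subnet_of(d) for d in denied)]


if __name__ == "__main__":
    gaps = missing_private_blocks(SAMPLE_RUNNING_CONFIG)
    print("Uncovered private ranges:", gaps or "none")
```

The check confirms only that the deny entries exist with the right wildcard masks; it does not evaluate entry order or whether the ACL is applied to an interface.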

Last modified
17:39, 3 Oct 2016