Whitelisting RB2011uas-2hnd-in

Jenkins84 · December 18, 2013, 5:52am

I have just gotten an RB2011UAS-2HND-IN. I am new to advanced features of router. I want to setup two LANs on this router. I need to allow normal internet traffic to PCs on first network, but I want to Whitelist the second network (PBX) so that only the sip provider’s IPs and LAN traffic can go through to PBX and phones. What would be the best way to set up this Whitelist?

Thank you

aaronhun22 · December 23, 2013, 8:03pm

You would use an address group and then add it to the firewall allow list.

ip firewall address-list add list="SIP Allowed" address=sip-address
ip firewall filter add chain=forward src-address-list="SIP Allowed" action=accept dst-address=sip-network
ip firewall filter add chain=forward dst-address=sip-network action=drop