Perle Systems P840 manual General Restrictions, Internet Addresses, Ethernet Station Addresses


Filtering

General Restrictions

Bridge Filter Masks may be created to restrict access for various purposes, for example to filter specific combinations of information. This section describes masks that may be created to control traffic across the bridged LAN network.

Internet Addresses

Within the Internet Protocol, there exist two address fields that are designated the Source and Destination Internet Addresses. It is these addresses that the IP uses for routing purposes.

To filter Internet Addresses, a mask must be created to look at the Source or Destination address field within the IP header.

As an example, assume a station’s Internet address is 128.001.002.003, and a restriction is desired to prevent any station on the opposite LAN, across the link, from gaining access to it. In this case, the mask must filter any IP packet that is destined for this Internet address. The Destination address field within the IP header is at an offset of 30 octets into the Ethernet frame. This address is four octets long.

(Note: Although an Internet address is written in decimal notation, the address within the IP header, and therefore in the mask, is always expressed in hexadecimal.)

To accomplish this, the mask would look like this: 12-0800&30-80010203

This will filter IP packets whose Destination address is the Internet address 128.001.002.003.

As another example, assume that this Internet address should also be filtered if it originates any data. In addition to the mask above, an OR condition will have to be added to look at the IP source address. The new mask would be as follows: 12-0800&(26-80010203|30-80010203)

This would filter any frame that is an IP packet either destined for or originating from Internet address 128.001.002.003. The parentheses must be added around the Internet address portion to ensure that the proper logical ordering is retained.

Ethernet Station Addresses

Ethernet addresses are assigned to LAN users in blocks. These blocks are normally assigned to manufacturers of Ethernet LAN hardware, and the blocks are sufficiently large to provide unique addresses for a given manufacturer for many years.

Thus, a manufacturer will have a block of addresses, and filtering may be performed to prevent a particular manufacturer’s LAN hardware from using the bridge facilities.

As an example, Xerox has a block of addresses that cover the range from 0000AA000000 to 0000AAFFFFFF. To prevent this equipment from accessing facilities on another LAN segment, a generic filter may be created. A mask that looked at the Source Ethernet address field would be required. The mask would be as follows:

6-0000AA

The remainder of the address is considered a “don’t care” condition. This mask results in the entire address block being prevented from using the segment LAN facilities.
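The masks from the Internet Addresses and Ethernet Station Addresses sections can be checked offline against constructed frames. The following is an added example, not code from the manual or from Perle: a small evaluator for the offset-hexvalue mask notation, in which `|` as the OR symbol, `&` binding tighter than `|`, and the helper names are assumptions of this sketch.

```python
import re

def ip_to_hex(dotted):
    """'128.001.002.003' -> '80010203': each decimal octet as two hex digits."""
    return "".join(f"{int(octet):02X}" for octet in dotted.split("."))

def match(mask, frame):
    """True if the frame bytes satisfy the mask, i.e. the bridge would filter it."""
    tokens = re.findall(r"\d+-[0-9A-Fa-f]+|[&|()]", mask)
    pos = 0

    def factor():                      # offset-hexvalue, or ( expression )
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            result = expr()
            pos += 1                   # consume ")"
            return result
        offset, hexval = tok.split("-")
        want = bytes.fromhex(hexval)
        return frame[int(offset):int(offset) + len(want)] == want

    def term():                        # factors joined by & (AND)
        nonlocal pos
        result = factor()
        while pos < len(tokens) and tokens[pos] == "&":
            pos += 1
            rhs = factor()             # always parse the operand, then combine
            result = result and rhs
        return result

    def expr():                        # terms joined by | (OR, assumed symbol)
        nonlocal pos
        result = term()
        while pos < len(tokens) and tokens[pos] == "|":
            pos += 1
            rhs = term()
            result = result or rhs
        return result

    return expr()

def make_frame(src_mac, ethertype, src_ip, dst_ip):
    """Constructed test frame: dst MAC (0-5), src MAC (6-11), type (12-13),
    then 12 zeroed IP header octets so source lands at 26 and destination at 30."""
    head = bytes.fromhex("020000000001" + src_mac + ethertype)
    return head + bytes(12) + bytes.fromhex(ip_to_hex(src_ip) + ip_to_hex(dst_ip))

HOST = "128.001.002.003"
PAREN = "12-0800&(26-80010203|30-80010203)"
NO_PAREN = "12-0800&26-80010203|30-80010203"
```

Under these assumptions, a non-IP frame (type 0600) that happens to carry 80010203 at offset 30 satisfies `NO_PAREN` but not `PAREN`, which is the logical-ordering problem the parentheses prevent.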


P840 specifications

Perle Systems is renowned for its high-performance networking hardware, and the Perle P840 model exemplifies this reputation with its advanced features and technologies. Designed for small to medium-sized enterprises, the P840 serves as a versatile and reliable solution for connectivity needs.

One of the main features of the Perle P840 is its robust network performance, supporting both Ethernet and serial connectivity. With support for RS-232, RS-422, and RS-485 interfaces, the P840 enables seamless integration of legacy devices into modern network architectures, allowing businesses to leverage existing infrastructure without the need for extensive upgrades.

The P840 also boasts advanced security features to protect sensitive data during transmission. It supports SSL encryption and VPN capabilities, ensuring that data travels securely across the network. Additionally, it implements strong authentication protocols, providing organizations with peace of mind knowing that their communications are safeguarded against potential threats.

Another standout characteristic of the P840 is its flexibility in configuration. It offers multiple port configurations, allowing for customization based on specific user needs. With options for both managed and unmanaged modes, the device can easily adapt to various network environments. This flexibility makes it suitable for diverse applications, including industrial automation, process control, and telecommunications.

The Perle P840 is designed for durability and reliability, featuring a rugged enclosure that can withstand demanding environments. Its solid-state components reduce the risk of failure, contributing to increased uptime and lower maintenance costs. Furthermore, the compact design allows for easy installation in tight spaces, making it a practical choice for various deployment scenarios.

In terms of management and monitoring, the P840 includes an intuitive web-based interface, enabling administrators to configure settings and monitor network performance effortlessly. SNMP support further enhances management capabilities, allowing for integration into larger network management systems.

Overall, the Perle P840 stands out as a powerful solution for enterprises seeking seamless connectivity, robust security, and flexibility in configuration. Its combination of advanced features and durable design makes it an ideal choice for industries requiring reliable serial and network connectivity in challenging environments. With the P840, businesses can build a resilient networking infrastructure that supports their growing demands while safeguarding their critical data.