Manuals / 3Com / Computer Equipment / Network Router

3Com 812 manual Accept src-addr=xxx Accept dst-addr=yyy Deny

Models: 812

1 144

Download 144 pages 39.75 Kb

Page 68

6-30CHAPTER 6: MANUAL SETUP

Field	Description

line #	Each rule must have a unique line number from 1-10 plus 999 for the DENY verb.
	You must arrange rules in increasing order.

Verb	This field can be one of the following:
	ACCEPT - Allow the packet access if the condition is met (use with DENY verb to
	indicate reject all other packets).
	REJECT - Do not allow the packet access if the condition is met.
	AND - Logically use the AND condition with condition of the next rule to
	determine if the packet is accepted or rejected. Both defined conditions must be
	met.

Keyword	The keywords for all protocol, descriptions, corresponding operators and values.

Operator	Describes the relationship between the keyword and its value. The operator field
	must be one of the following:
	= Equal
	!= Not equal
	> Greater than
	< Less than
	>= Greater or Equal
	<= Less or Equal
	=> Generic

value	Contains a entity that is appropriate for the keyword.

The OR operation can be implemented by successive rules. For example, to accept a packet if the source address is xxx, or the destination address is yyy, the following rules are used:

IP:

1ACCEPT src-addr=xxx;

2ACCEPT dst-addr=yyy;

999DENY;

(This will only accept packets from the specified address(es); all other packets will be rejected.)

The following table describes the keywords for each protocol section and their legal operators used in the rule syntax. Value ranges are also given where ddd is a decimal between 1 and 255, mask is a decimal between 1 and 32, and xx is a hex number:

Table 6-4Protocol Keywords

Protocol
Section	Keyword	Operators	Description and Value Range

IP	src-addr	=, !=	Source IP Address (ddd.ddd.ddd.ddd/mask)
	dst-addr	=, !=	Destination IP Address (ddd.ddd.ddd.ddd/mask)
	tcp-src-port	all	TCP source port (1 - 65535)
	tcp-dst-port	all	TCP destination port (1 - 65535)
	udp-src-port	all	UDP source port (1-65535)
	udp-dst-port	all	UDP destination port (1-65535)
	protocol	=, !=	IP protocol (UDP, TCP, ICMP)
	generic	=	Generic filter

IP-RIP	network	=, !=	IP network number (ddd.ddd.ddd.ddd/mask)

Image 68

3Com 812 manual Accept src-addr=xxx Accept dst-addr=yyy Deny

Contents

OfficeConnectTM Remote Adsl Router CLI User’s Guide ReleaseSanta Clara, California Contents Quick VC Setup Dhcp IPX Source and Destination Network Filtering Using CLI Officeconnect Remote 812 Sample Configuration Delete B-10 Dial Hangup Paused Commands ResolveInput Counters Show interface interfacename settings Show ip counters Verify TCP SettingsInput Counters Page Page IBM-PC Compatible Computers Macintosh ComputersTelnet ipaddress UNIX-Based ComputersFrom Windows 95, you can go to the DOS Window and run Values Add ip network is the commandParameters Stand for ip, iprouting, or ipsourcevalidation Names or StringsNetwork Address Formats Conventions 4CHAPTER 2 CLI Command Conventions and Terminology Configuration Methods Manual Setup Instructions Quick Setup CLI Quick Setup ScriptPassword Protection Which portions of the network do you want to configure?Quick Setup Identification information Quick Setup Management InformationTelnet information This completes the section on Snmp management configurationQuick Setup IP information IP setup is completed Quick Setup IPX informationSample Identification Information Quick Setup Bridge InformationThis section contains a sample of possible settings Management Information Telnet ManagementIP Information IP MaskSample Output Display as Quick Setup Executes 8CHAPTER 4 Quick Setup CLI QuickVC Setup Script Starting QuickVC Setup OCR-DSL quickvcNetwork Service PPP IP configuration for VC name is now complete RFC1483IPX Routing Network Service PPP IPX Routing Network Service RFCBridging ReviewSample Output Display 6CHAPTER 5 Quick VC Setup Configuration Overview IPX Routing Bridging System AdministrationList vcs Show vc defaultRemote Site Management Disable vc Internet Set vc Internet sendpassword testpasswordEnable vc Internet Service InformationTo configure the profile for VBR To configure the profile for CBRSet vc vc name atm categoryofservice constant pcr cell rate IP RoutingEnable ip forwarding Disable ip forwardingEnable ip RIP Disable ip RIPShow ip settings Show ip routing settings Delete ip network network nameAddressselection negotiate Defaultrouteoption Disable EnableRemoteipaddress ip address/mask Ipsourcevalidation Disable Enable Metric metricAddress TranslationSet vc vc name natdefaultaddress ip address Privateport portMode 12CHAPTER 6 Manual Setup Set dhcp mode relay Maxhops count enabled YES noShow dhcp server counters List dhcp server leases Monitoring the DhcpEnable dns Disable dnsShow dns settings Set dns cachesize size Numberretries number timeout secondsDisable ipx network network name IPX RoutingList dns servers Delete dns server domain nameIpxaddress Ffffffff You can delete a disabled network using the commandDelete ipx network network name To add a Static IPX route over the LAN, use the command Node server node addressIpxnet server network address name service name Set ipx network network nameConfigure bridging for the remote site connection BridgingTo see the current IP Forwarding status use the command Show ip settingsTo disable IP Forwarding use the command Show bridge settingsSet bridge agingtime seconds Simultaneous Bridging Routing Administration SystemShow date Set timeAdd user name password password Set system name name location location contact contactList users Delete user nameExit cli Set command loginrequired yes Set command loginrequired noSet command idletimeout timeout Local or remote users can access Use of a forged IP source address to circumvent a firewallDiscards it CapabilitiesIPX IP-RIPIPX-SAP IPX-RIPGeneric Filters Router CLI User’s GuideFilter File Components Line #filterProtocol Rules BR-ETHAccept src-addr=xxx Accept dst-addr=yyy Deny IP Source and Destination Network Filtering Using CLI IPXIP RIP Packet Filtering Using CLI IP Source and Destination Port Filtering Using CLIIP Protocol Filtering Using CLI IPX RIP Packet Filtering Using CLI IPX Source and Destination Network Filtering Using CLIIPX Source and Destination Host Filtering Using CLI IPX SAP Packet Filtering Using CLI Bridge / Generic Filtering Using CLIUsing CLI Creating Filter FilesIP 1 Accept src-addr = Accept dst-addr = Deny CLI commands to use Unit’sApplying a Filter to an Filter List Using CLI Removing a Filter from an Interface Using CLIAdding Filters to VC/Remote Site ProfileIPX-RIP IPX-SAP 40CHAPTER 6 Manual Setup Officeconnect Remote 812 Sample Configuration Set dhcp server start 192.168.200.1 end 192.168.200.40 mask Set dhcp mode server2APPENDIX a Officeconnect Remote 812 Sample Configuration Disable bridge spanningtree Add bridge network bridge Set vc Internet nat enable 4APPENDIX a Officeconnect Remote 812 Sample ConfigurationCLI Commands Add bridge network Enabled yes NetworknameAdd dns host IPaddressAdd ip defaultroute Metric 2APPENDIX B CLI Command DescriptionSecondaryaddress ipaddress Vcname vcname Add framedroute vc name Iproute ipaddress Metric numberAdd ip network networkname Gateway gatewayaddr Metric hopcount4APPENDIX B CLI Command Description Add ipx service servicenameType servicetype Below is a partial list of the IPX services available Ipxnet ipxaddress Metric hopcount Ticks ticknumberAdds an IPX route for the a user over the WAN Name Hops number6APPENDIX B CLI Command Description Data string Closeactiveconnections True False Http8APPENDIX B CLI Command Description Add snmp address IPaddress trapcommunity NameAdd user name Enabled yes DefaultIpnameoraddr Parameters for all usersArp output outputfilename ipnameoraddr Delete Delete commands remove anything you previously added10APPENDIX B CLI Command Description Servicename Delete snmpCommunity name TrapcommunityDisable bridge network Disable bridgeDisable icmp Disable interfaceConnections will be closed when the server is disabled Disable snmpAuthentication traps Output outputfile14APPENDIX B CLI Command Description NetworksHangup 16APPENDIX B CLI Command Description ListEasyfilter.fil Normal18APPENDIX B CLI Command Description Other Or list snmp TrapcommunitiesList syslog List tcp connectionsOutputfile exist More or CR Continue printing QuitMore or CR Set adsl reset Set command history numerical rangeResolve name IPhostnameSets console parameters for CLI commands Set dhcp relay server2 Address IPaddress Enabled YES noIdle timout minutes Localprompt string Prompt string YES noSet dns cachesize number CLI Commands B-25 26APPENDIX B CLI Command Description SENDDEFAULT/NOSENDDEFAULT D ACCEPTDEFAULT/NOACCEPTDefault D Flashupdate D/NOFLASHUPDATE28APPENDIX B CLI Command Description Sets parameters for the specified IPX networkSets parameters for dynamic IPX networks Set network service adminnamePoolmembers number Set system Name name Location location Transmitauthenticationname nameOptions Set time time Modifies user parameters32APPENDIX B CLI Command Description Specifies parameters for VCsENABLED, Disabled MTUSets ATM parameters for VCs Show Show commands display details about system entities34APPENDIX B CLI Command Description Fields Operational Mode either loss of signal or operationalDisplays the current status of the ADSL/ATM link Show bridge network name 36APPENDIX B CLI Command DescriptionAdsl Alcatel chipset firmware release version History Depth Current Prompt OCR-DSL Local Prompt OCR-DSL Counters Settings38APPENDIX B CLI Command Description Format Errors server said invalid request format Problems with Name Server internal server error40APPENDIX B CLI Command Description Input CountersCounters Input Counters Show ip counters Displays system wide IP network statistics42APPENDIX B CLI Command Description Show ipx counters Show ipx network networkname counters Total Packets Received sum of IPX packets receivedDisplays information about RIP for IPX 44APPENDIX B CLI Command DescriptionShow ipx rip Vcname settings Show ipx sapDisplays information about SAP for IPX Dynamic Address Pool Begin starting IPX addressName settings 46APPENDIX B CLI Command DescriptionName counters Operational Status not opened or openedSettings for PPP Bundle 1 Compression Remote PPP entity. Default EnabledEntity, PAP is the default 48APPENDIX B CLI Command DescriptionSystem Contact modify using set system System Name modify using set systemSystem Location modify using set system System Descriptor for example50APPENDIX B CLI Command Description Total Output Datagrams sum of UDP datagrams sentCommands Help Lists the available commandsTelnet ipnameoraddr Telnet ipnameoraddr TCPport number Pressing controlRecall the next command in the history list CLI ExitSetescape string StatusComments 54APPENDIX B CLI Command Description PAT Adsl ATMPing DNS Overview Proxy Statistics Show dns countersTftp LANRIP RIP SAP RoutingSAP PPP WANCLI TelnetDelete snmp trapcommunity B-11 WAN PPP3Com Corporation Limited Warranty FCC Class B Statement