IPX SAP Packet Filtering Using CLI | 3Com 812 specification

6-34CHAPTER 6: MANUAL SETUP

IPX SAP Packet Filtering Using CLI

SAP packets are used to identify the services and addresses of servers attached to the network. The responses are used to update a table in the router known as the Server Information Table.

You define IPX SAP packet filtering rules in the IPX-SAP protocol section of the filter file. You can filter SAP packets by network, node, server, service-type, and socket.

The following rule example accepts SAP services from the server name sales_1, with a socket number is less than 32:

IPX-SAP:

1AND server = sales_1;

2ACCEPT socket < 32;

999DENY;

Bridge / Generic Filtering Using CLI

The rules in this filter file section are setup to allow bridging of only IP and IPX packets (assuming that all traffic is being bridged and that the IPX protocol is using Ethernet_II framing). To stop traffic in both directions, you can apply the filter as an input_filter on both the Ethernet and the WAN or User Profile interfaces. However, to improve efficiency over the WAN interface, it would be better to have the same type of filter applied on the equipment at the other side of the WAN to keep non-IP and IPX traffic off the WAN completely.

BR-ETH:

#Allow IP traffic

1 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0800;

#Allow ARP traffic

2ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0806;

# Allow IPX traffic

3ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8136;

4ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8137;

999DENY;

Step by Step Guide to	You can create filter files using any text editor. Once the file is created, use the
Creating Filter Files	Trivial File Transfer Protocol (TFTP) to place the filter file in the router FLASH
Using CLI	memory.
	To create a filter file using CLI:

1Open a new text file. Enter the file descriptor on the first line: #filter

2Enter a file section header followed by a colon for the protocol rules you want to define. For example, if you want to define IP filtering rules, enter the following section header: IP:

Image 72

3Com 812 manual IPX SAP Packet Filtering Using CLI, Bridge / Generic Filtering Using CLI, Creating Filter Files

Contents

OfficeConnectTM Remote Adsl Router CLI User’s Guide Release Santa Clara, California Contents Quick VC Setup Dhcp IPX Source and Destination Network Filtering Using CLI Officeconnect Remote 812 Sample Configuration Delete B-10 Dial Hangup Paused Commands Resolve Input Counters Show interface interfacename settings Show ip counters TCP Settings Input CountersVerify Page Page IBM-PC Compatible Computers Macintosh Computers UNIX-Based Computers From Windows 95, you can go to the DOS Window and runTelnet ipaddress Add ip network is the command ParametersValues Names or Strings Network Address FormatsStand for ip, iprouting, or ipsourcevalidation Conventions 4CHAPTER 2 CLI Command Conventions and Terminology Configuration Methods Manual Setup Instructions Quick Setup CLI Quick Setup Script Password Protection Which portions of the network do you want to configure?Quick Setup Identification information Quick Setup Management Information This completes the section on Snmp management configuration Quick Setup IP informationTelnet information IP setup is completed Quick Setup IPX information Quick Setup Bridge Information This section contains a sample of possible settingsSample Identification Information Management Information Telnet ManagementIP Information IP Mask Sample Output Display as Quick Setup Executes 8CHAPTER 4 Quick Setup CLI QuickVC Setup Script Starting QuickVC Setup OCR-DSL quickvc Network Service PPP IP configuration for VC name is now complete RFC1483 IPX Routing Network Service PPP IPX Routing Network Service RFCBridging Review Sample Output Display 6CHAPTER 5 Quick VC Setup Configuration Overview IPX Routing Bridging System Administration Show vc default Remote Site ManagementList vcs Disable vc Internet Set vc Internet sendpassword testpasswordEnable vc Internet Service Information To configure the profile for VBR To configure the profile for CBRSet vc vc name atm categoryofservice constant pcr cell rate IP Routing Enable ip forwarding Disable ip forwardingEnable ip RIP Disable ip RIP Show ip settings Show ip routing settings Delete ip network network name Defaultrouteoption Disable Enable Remoteipaddress ip address/maskAddressselection negotiate Ipsourcevalidation Disable Enable Metric metric Address Translation Set vc vc name natdefaultaddress ip address Privateport port Mode 12CHAPTER 6 Manual Setup Set dhcp mode relay Maxhops count enabled YES noShow dhcp server counters List dhcp server leases Monitoring the Dhcp Enable dns Disable dnsShow dns settings Set dns cachesize size Numberretries number timeout seconds Disable ipx network network name IPX RoutingList dns servers Delete dns server domain name You can delete a disabled network using the command Delete ipx network network nameIpxaddress Ffffffff To add a Static IPX route over the LAN, use the command Node server node address Ipxnet server network address name service name Set ipx network network name Configure bridging for the remote site connection Bridging To see the current IP Forwarding status use the command Show ip settingsTo disable IP Forwarding use the command Show bridge settings Set bridge agingtime seconds Simultaneous Bridging Routing Administration SystemShow date Set time Add user name password password Set system name name location location contact contactList users Delete user name Set command loginrequired yes Set command loginrequired no Set command idletimeout timeoutExit cli Local or remote users can access Use of a forged IP source address to circumvent a firewallDiscards it Capabilities IPX IP-RIPIPX-SAP IPX-RIP Generic Filters Router CLI User’s GuideFilter File Components Line #filter Protocol Rules BR-ETH Accept src-addr=xxx Accept dst-addr=yyy Deny IP Source and Destination Network Filtering Using CLI IPX IP Source and Destination Port Filtering Using CLI IP Protocol Filtering Using CLIIP RIP Packet Filtering Using CLI IPX Source and Destination Network Filtering Using CLI IPX Source and Destination Host Filtering Using CLIIPX RIP Packet Filtering Using CLI IPX SAP Packet Filtering Using CLI Bridge / Generic Filtering Using CLIUsing CLI Creating Filter Files IP 1 Accept src-addr = Accept dst-addr = Deny CLI commands to use Unit’s Applying a Filter to an Filter List Using CLI Removing a Filter from an Interface Using CLIAdding Filters to VC/Remote Site Profile IPX-RIP IPX-SAP 40CHAPTER 6 Manual Setup Officeconnect Remote 812 Sample Configuration Set dhcp mode server 2APPENDIX a Officeconnect Remote 812 Sample ConfigurationSet dhcp server start 192.168.200.1 end 192.168.200.40 mask Disable bridge spanningtree Add bridge network bridge Set vc Internet nat enable 4APPENDIX a Officeconnect Remote 812 Sample Configuration CLI Commands Add bridge network Enabled yes NetworknameAdd dns host IPaddress Add ip defaultroute Metric 2APPENDIX B CLI Command DescriptionSecondaryaddress ipaddress Vcname vcname Add framedroute vc name Iproute ipaddress Metric number Add ip network networkname Gateway gatewayaddr Metric hopcount Add ipx service servicename Type servicetype4APPENDIX B CLI Command Description Below is a partial list of the IPX services available Ipxnet ipxaddress Metric hopcount Ticks ticknumberAdds an IPX route for the a user over the WAN Name Hops number 6APPENDIX B CLI Command Description Data string Closeactiveconnections True False Http 8APPENDIX B CLI Command Description Add snmp address IPaddress trapcommunity Name Add user name Enabled yes DefaultIpnameoraddr Parameters for all users Delete Delete commands remove anything you previously added 10APPENDIX B CLI Command DescriptionArp output outputfilename ipnameoraddr Servicename Delete snmpCommunity name Trapcommunity Disable bridge network Disable bridgeDisable icmp Disable interface Connections will be closed when the server is disabled Disable snmpAuthentication traps Output outputfile 14APPENDIX B CLI Command Description Networks Hangup 16APPENDIX B CLI Command Description List Easyfilter.fil Normal 18APPENDIX B CLI Command Description Other Or list snmp TrapcommunitiesList syslog List tcp connections More or CR Continue printing Quit More or CROutputfile exist Set adsl reset Set command history numerical rangeResolve name IPhostname Sets console parameters for CLI commands Set dhcp relay server2 Address IPaddress Enabled YES noIdle timout minutes Localprompt string Prompt string YES no Set dns cachesize number CLI Commands B-25 26APPENDIX B CLI Command Description SENDDEFAULT/NOSENDDEFAULT D ACCEPTDEFAULT/NOACCEPTDefault D Flashupdate D/NOFLASHUPDATE 28APPENDIX B CLI Command Description Sets parameters for the specified IPX network Set network service adminname Poolmembers numberSets parameters for dynamic IPX networks Transmitauthenticationname name OptionsSet system Name name Location location Set time time Modifies user parameters 32APPENDIX B CLI Command Description Specifies parameters for VCs ENABLED, Disabled MTU Show Show commands display details about system entities 34APPENDIX B CLI Command DescriptionSets ATM parameters for VCs Operational Mode either loss of signal or operational Displays the current status of the ADSL/ATM linkFields 36APPENDIX B CLI Command Description Adsl Alcatel chipset firmware release versionShow bridge network name History Depth Current Prompt OCR-DSL Local Prompt OCR-DSL Settings 38APPENDIX B CLI Command DescriptionCounters Format Errors server said invalid request format Problems with Name Server internal server error 40APPENDIX B CLI Command Description Input Counters Counters Input Counters Show ip counters Displays system wide IP network statistics 42APPENDIX B CLI Command Description Show ipx counters Show ipx network networkname counters Total Packets Received sum of IPX packets received 44APPENDIX B CLI Command Description Show ipx ripDisplays information about RIP for IPX Vcname settings Show ipx sapDisplays information about SAP for IPX Dynamic Address Pool Begin starting IPX address Name settings 46APPENDIX B CLI Command DescriptionName counters Operational Status not opened or opened Settings for PPP Bundle 1 Compression Remote PPP entity. Default Enabled Entity, PAP is the default 48APPENDIX B CLI Command Description System Contact modify using set system System Name modify using set systemSystem Location modify using set system System Descriptor for example 50APPENDIX B CLI Command Description Total Output Datagrams sum of UDP datagrams sent Commands Help Lists the available commandsTelnet ipnameoraddr Telnet ipnameoraddr TCPport number Pressing control Recall the next command in the history list CLI ExitSetescape string Status Comments 54APPENDIX B CLI Command Description PAT Adsl ATM Ping DNS Overview Proxy Statistics Show dns counters LAN RIPTftp Routing SAPRIP SAP PPP WANCLI Telnet Delete snmp trapcommunity B-11 WAN PPP 3Com Corporation Limited Warranty FCC Class B Statement