Manuals / 3Com / Computer Equipment / Network Router

3Com 812 manual IPX SAP Packet Filtering Using CLI, Bridge / Generic Filtering Using CLI

Models: 812

1 144

Download 144 pages 39.75 Kb

Page 72

6-34CHAPTER 6: MANUAL SETUP

IPX SAP Packet Filtering Using CLI

SAP packets are used to identify the services and addresses of servers attached to the network. The responses are used to update a table in the router known as the Server Information Table.

You define IPX SAP packet filtering rules in the IPX-SAP protocol section of the filter file. You can filter SAP packets by network, node, server, service-type, and socket.

The following rule example accepts SAP services from the server name sales_1, with a socket number is less than 32:

IPX-SAP:

1AND server = sales_1;

2ACCEPT socket < 32;

999DENY;

Bridge / Generic Filtering Using CLI

The rules in this filter file section are setup to allow bridging of only IP and IPX packets (assuming that all traffic is being bridged and that the IPX protocol is using Ethernet_II framing). To stop traffic in both directions, you can apply the filter as an input_filter on both the Ethernet and the WAN or User Profile interfaces. However, to improve efficiency over the WAN interface, it would be better to have the same type of filter applied on the equipment at the other side of the WAN to keep non-IP and IPX traffic off the WAN completely.

BR-ETH:

#Allow IP traffic

1 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0800;

#Allow ARP traffic

2ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0806;

# Allow IPX traffic

3ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8136;

4ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8137;

999DENY;

Step by Step Guide to	You can create filter files using any text editor. Once the file is created, use the
Creating Filter Files	Trivial File Transfer Protocol (TFTP) to place the filter file in the router FLASH
Using CLI	memory.
	To create a filter file using CLI:

1Open a new text file. Enter the file descriptor on the first line: #filter

2Enter a file section header followed by a colon for the protocol rules you want to define. For example, if you want to define IP filtering rules, enter the following section header: IP:

Image 72

3Com 812 manual IPX SAP Packet Filtering Using CLI, Bridge / Generic Filtering Using CLI, Creating Filter Files

Contents

OfficeConnectTM Remote Adsl Router CLI User’s Guide ReleaseSanta Clara, California Contents Quick VC Setup Dhcp IPX Source and Destination Network Filtering Using CLI Officeconnect Remote 812 Sample Configuration Delete B-10 Dial Hangup Paused Commands ResolveInput Counters Show interface interfacename settings Show ip counters TCP Settings Input CountersVerify Page Page IBM-PC Compatible Computers Macintosh ComputersUNIX-Based Computers From Windows 95, you can go to the DOS Window and runTelnet ipaddress Add ip network is the command ParametersValues Names or Strings Network Address FormatsStand for ip, iprouting, or ipsourcevalidation Conventions 4CHAPTER 2 CLI Command Conventions and Terminology Configuration Methods Manual Setup Instructions Quick Setup CLI Quick Setup ScriptPassword Protection Which portions of the network do you want to configure?Quick Setup Identification information Quick Setup Management InformationThis completes the section on Snmp management configuration Quick Setup IP informationTelnet information IP setup is completed Quick Setup IPX informationQuick Setup Bridge Information This section contains a sample of possible settingsSample Identification Information Management Information Telnet ManagementIP Information IP MaskSample Output Display as Quick Setup Executes 8CHAPTER 4 Quick Setup CLI QuickVC Setup Script Starting QuickVC Setup OCR-DSL quickvcNetwork Service PPP IP configuration for VC name is now complete RFC1483IPX Routing Network Service PPP IPX Routing Network Service RFCBridging ReviewSample Output Display 6CHAPTER 5 Quick VC Setup Configuration Overview IPX Routing Bridging System AdministrationShow vc default Remote Site ManagementList vcs Disable vc Internet Set vc Internet sendpassword testpasswordEnable vc Internet Service InformationTo configure the profile for VBR To configure the profile for CBRSet vc vc name atm categoryofservice constant pcr cell rate IP RoutingEnable ip forwarding Disable ip forwardingEnable ip RIP Disable ip RIPShow ip settings Show ip routing settings Delete ip network network nameDefaultrouteoption Disable Enable Remoteipaddress ip address/maskAddressselection negotiate Ipsourcevalidation Disable Enable Metric metricAddress TranslationSet vc vc name natdefaultaddress ip address Privateport portMode 12CHAPTER 6 Manual Setup Set dhcp mode relay Maxhops count enabled YES noShow dhcp server counters List dhcp server leases Monitoring the DhcpEnable dns Disable dnsShow dns settings Set dns cachesize size Numberretries number timeout secondsDisable ipx network network name IPX RoutingList dns servers Delete dns server domain nameYou can delete a disabled network using the command Delete ipx network network nameIpxaddress Ffffffff To add a Static IPX route over the LAN, use the command Node server node addressIpxnet server network address name service name Set ipx network network nameConfigure bridging for the remote site connection BridgingTo see the current IP Forwarding status use the command Show ip settingsTo disable IP Forwarding use the command Show bridge settingsSet bridge agingtime seconds Simultaneous Bridging Routing Administration SystemShow date Set timeAdd user name password password Set system name name location location contact contactList users Delete user nameSet command loginrequired yes Set command loginrequired no Set command idletimeout timeoutExit cli Local or remote users can access Use of a forged IP source address to circumvent a firewallDiscards it CapabilitiesIPX IP-RIPIPX-SAP IPX-RIPGeneric Filters Router CLI User’s GuideFilter File Components Line #filterProtocol Rules BR-ETHAccept src-addr=xxx Accept dst-addr=yyy Deny IP Source and Destination Network Filtering Using CLI IPXIP Source and Destination Port Filtering Using CLI IP Protocol Filtering Using CLIIP RIP Packet Filtering Using CLI IPX Source and Destination Network Filtering Using CLI IPX Source and Destination Host Filtering Using CLIIPX RIP Packet Filtering Using CLI IPX SAP Packet Filtering Using CLI Bridge / Generic Filtering Using CLIUsing CLI Creating Filter FilesIP 1 Accept src-addr = Accept dst-addr = Deny CLI commands to use Unit’sApplying a Filter to an Filter List Using CLI Removing a Filter from an Interface Using CLIAdding Filters to VC/Remote Site ProfileIPX-RIP IPX-SAP 40CHAPTER 6 Manual Setup Officeconnect Remote 812 Sample Configuration Set dhcp mode server 2APPENDIX a Officeconnect Remote 812 Sample ConfigurationSet dhcp server start 192.168.200.1 end 192.168.200.40 mask Disable bridge spanningtree Add bridge network bridge Set vc Internet nat enable 4APPENDIX a Officeconnect Remote 812 Sample ConfigurationCLI Commands Add bridge network Enabled yes NetworknameAdd dns host IPaddressAdd ip defaultroute Metric 2APPENDIX B CLI Command DescriptionSecondaryaddress ipaddress Vcname vcname Add framedroute vc name Iproute ipaddress Metric numberAdd ip network networkname Gateway gatewayaddr Metric hopcountAdd ipx service servicename Type servicetype4APPENDIX B CLI Command Description Below is a partial list of the IPX services available Ipxnet ipxaddress Metric hopcount Ticks ticknumberAdds an IPX route for the a user over the WAN Name Hops number6APPENDIX B CLI Command Description Data string Closeactiveconnections True False Http8APPENDIX B CLI Command Description Add snmp address IPaddress trapcommunity NameAdd user name Enabled yes DefaultIpnameoraddr Parameters for all usersDelete Delete commands remove anything you previously added 10APPENDIX B CLI Command DescriptionArp output outputfilename ipnameoraddr Servicename Delete snmpCommunity name TrapcommunityDisable bridge network Disable bridgeDisable icmp Disable interfaceConnections will be closed when the server is disabled Disable snmpAuthentication traps Output outputfile14APPENDIX B CLI Command Description NetworksHangup 16APPENDIX B CLI Command Description ListEasyfilter.fil Normal18APPENDIX B CLI Command Description Other Or list snmp TrapcommunitiesList syslog List tcp connectionsMore or CR Continue printing Quit More or CROutputfile exist Set adsl reset Set command history numerical rangeResolve name IPhostnameSets console parameters for CLI commands Set dhcp relay server2 Address IPaddress Enabled YES noIdle timout minutes Localprompt string Prompt string YES noSet dns cachesize number CLI Commands B-25 26APPENDIX B CLI Command Description SENDDEFAULT/NOSENDDEFAULT D ACCEPTDEFAULT/NOACCEPTDefault D Flashupdate D/NOFLASHUPDATE28APPENDIX B CLI Command Description Sets parameters for the specified IPX networkSet network service adminname Poolmembers numberSets parameters for dynamic IPX networks Transmitauthenticationname name OptionsSet system Name name Location location Set time time Modifies user parameters32APPENDIX B CLI Command Description Specifies parameters for VCsENABLED, Disabled MTUShow Show commands display details about system entities 34APPENDIX B CLI Command DescriptionSets ATM parameters for VCs Operational Mode either loss of signal or operational Displays the current status of the ADSL/ATM linkFields 36APPENDIX B CLI Command Description Adsl Alcatel chipset firmware release versionShow bridge network name History Depth Current Prompt OCR-DSL Local Prompt OCR-DSL Settings 38APPENDIX B CLI Command DescriptionCounters Format Errors server said invalid request format Problems with Name Server internal server error40APPENDIX B CLI Command Description Input CountersCounters Input Counters Show ip counters Displays system wide IP network statistics42APPENDIX B CLI Command Description Show ipx counters Show ipx network networkname counters Total Packets Received sum of IPX packets received44APPENDIX B CLI Command Description Show ipx ripDisplays information about RIP for IPX Vcname settings Show ipx sapDisplays information about SAP for IPX Dynamic Address Pool Begin starting IPX addressName settings 46APPENDIX B CLI Command DescriptionName counters Operational Status not opened or openedSettings for PPP Bundle 1 Compression Remote PPP entity. Default EnabledEntity, PAP is the default 48APPENDIX B CLI Command DescriptionSystem Contact modify using set system System Name modify using set systemSystem Location modify using set system System Descriptor for example50APPENDIX B CLI Command Description Total Output Datagrams sum of UDP datagrams sentCommands Help Lists the available commandsTelnet ipnameoraddr Telnet ipnameoraddr TCPport number Pressing controlRecall the next command in the history list CLI ExitSetescape string StatusComments 54APPENDIX B CLI Command Description PAT Adsl ATMPing DNS Overview Proxy Statistics Show dns countersLAN RIPTftp Routing SAPRIP SAP PPP WANCLI TelnetDelete snmp trapcommunity B-11 WAN PPP3Com Corporation Limited Warranty FCC Class B Statement