Manuals / 3Com / Computer Equipment / Network Router

3Com OfficeConnect Remote 812 manual The OR operation can be implemented by successive rules

Models: OfficeConnect Remote 812

1 170

Download 170 pages 51.21 Kb

Page 86

The OR operation can be implemented by successive rules.

6-50CHAPTER 6: MANUAL SETUP

the first match that occurs. If there is no match, by default the packet is accepted. For this reason, you should order your protocol rules so that the rules you expect to be most frequently matched are in the beginning of the section. This reduces the amount of parsing time that occurs during filtering.

The following table describes each field used in the rule syntax:

Table 6-5Protocol Rules

Field	Description

line #	Each rule must have a unique line number from 1-10 plus 999 for the DENY verb.
	You must arrange rules in increasing order.

Verb	This field can be one of the following:
	ACCEPT - Allow the packet access if the condition is met (use with DENY verb to
	indicate reject all other packets).
	REJECT - Do not allow the packet access if the condition is met.
	AND - Logically use the AND condition with condition of the next rule to
	determine if the packet is accepted or rejected. Both defined conditions must be
	met.

Keyword	The keywords for all protocol, descriptions, corresponding operators and values.

Operator	Describes the relationship between the keyword and its value. The operator field
	must be one of the following:
	= Equal
	!= Not equal
	> Greater than
	< Less than
	>= Greater or Equal
	<= Less or Equal
	=> Generic

value	Contains a entity that is appropriate for the keyword.

The OR operation can be implemented by successive rules.

For example, to accept a packet if the source address is xxx, or the destination address is yyy, the following rules are used (this will only accept packets from the specified address(es); all other packets will be rejected):

IP:

1ACCEPT src-addr=xxx;

2ACCEPT dst-addr=yyy;

999DENY;

The following table describes the keywords for each protocol section and their legal operators used in the rule syntax.

Value ranges are also given where ddd is a decimal between 1 and 255, mask is a decimal between 1 and 32, and xx is a hex number:

Image 86

3Com OfficeConnect Remote 812 manual The OR operation can be implemented by successive rules

Contents

Part Number 10043337 AA ReleaseOfficeConnect Remote ADSL Router CLI User’s Guide Santa Clara, California 3Com Corporation5400 Bayfront Plaza 95052-8145CLI COMMAND CONVENTIONS AND TERMINOLOGY Table of ContentsACCESSING THE CONFIGURATION INTERFACE CONFIGURATION METHODSStarting QuickVC Setup QUICKVC SETUPMANUAL SETUP IPX Routing Network Service PPPSetting Up a Virtual Private Network VPN Tunnel Providing TFTP Access Configuring IPX for Remote Site ConnectionsSetting Date and Time Using Network Time Protocol NTP Monitoring the DHCP RelayOFFICECONNECT REMOTE 812 SAMPLE CONFIGURATION CLI COMMAND DESCRIPTION disable securityoption snmp useraccess list processes list accesslist ip addresses list services B list snmp communities or list snmp trapcommunities B set system TELNET TCP COUNTERSINPUT COUNTERS POSITIONAL HELP B Command Completion B 3COM CORPORATION LIMITED WARRANTY FCC CLASS A VERIFICATION STATEMENTFCC CLASS B STATEMENT FCC DECLARATION OF CONFORMITY Output PauseIBM-PC Compatible Computers ACCESSING THE CONFIGURATION 1 INTERFACEEstablishing Communications with the OfficeConnect Remote Macintosh ComputersUNIX-Based Computers telnet ipaddressadd ip network is the command CLI COMMAND CONVENTIONS AND 2 TERMINOLOGYCommand Structure ParametersCompletion CommandAbbreviation and HelpConventions Command Language Terminology Page QuickVC Setup Instructions CONFIGURATION METHODSQuick Setup Instructions Manual Setup Instructions 3-2 CHAPTER 3 CONFIGURATION METHODSRestoring the OfficeConnect Remote 812 to an Unconfigured State QUICK SETUPCLI Quick Setup Script ADSL Router Installation GuideDo you want to continue Quick Setup? Quick Setup ScriptQuick Setup Script Instructions Password ProtectionQuick Setup Identification Information Quick Setup Management Information4-4 CHAPTER 4 QUICK SETUP Quick Setup IP InformationTELNET information Quick Setup IPX Information Management Information Quick Setup Bridge InformationSample Identification Information TELNET ManagementSample Output Display as Quick Setup Executes Page Starting QuickVC Setup OCR-DSL quickvc QUICKVC SETUPCLI QuickVC Setup Script Network Service PPP CLI QuickVC Setup Script IPX Routing Network Service PPPService RFC BridgingSample Output Display Sample IdentificationInformation as Quick Setup ExecutesPage MANUAL SETUP Configuration OverviewManagement Remember to save your configuration using the save all command beforeRemote Site memoryset vc vc name networkservice ppp Configuring Network Service InformationCurrently, the SVC capability is disabled in the OCR set vc vc name networkservice pppoeset vc vc name networkservice pppoa set vc vc name dynamicipaddressing dhcpclientset vc vc name atm categoryofservice constant pcr cell rate Setting Up a Virtualset vc vc name atm categoryofservice unspecifed pcr cell rate when transmitting data to the remote siteOn the 812 ADSL Router “Client” Side VPN Tunneling Overview Before You Begin Initiating a VPN TunnelOn the Remote Private Network “Server” Side Enabling and Disabling a disable tunnel commandVPN Tunnel list tunnel Use this command to list the name and status of tunnels Values Authentication and EncryptionTo learn how to set up encryption using the CLI, see Configuring MICROSOFT56BIT NONE REQUIRED Configuring Windows 2000 Server to Support CHAP AuthenticationEncryption Router to Support Encryption for L2TP TunnelsValue Name ProhibitIpSec Configuring a Cisco Router to Support Encryption for L2TP Tunnelsaaa authentication login cisco local terminate-from hostname OfficeConnect local name c7200 peer default ip address pool L2TPvpdn-group 1 accept-dialin protocol l2tp virtual-template interface Ethernet1/2Debug vpdn command ppp authentication papRIP Configuration router rip ver network IP Pool for L2TP Tunnel errorIP Routing 6-14 CHAPTER 6 MANUAL SETUPdisable ip RIP enable ip forwardingenable ip RIP show ip routing settingsnegotiate addressselectionRemote Site The defaultrouteoption can only be enabled in one VC profileset vc vc name Configuring Static and Framed IP Routes 6-18 CHAPTER 6 MANUAL SETUPAddress Translation used For a vc added using QuickVC, NAT is enabled by defaultcontinues to run until a NAT port frees up port 80, private port 80, and the private address of the LAN Server Use the following command to configure PAT in a vc profileIntelligent PAT 6-22 CHAPTER 6 MANUAL SETUPEnabling NAT set vc vc name intelligentpatoption Enable/DisablePlease also note the following set vc vc name natoption natConfiguring NAT Static and Dynamic Mappings 6-24 CHAPTER 6 MANUAL SETUPlist nat vc vc name addr add nat dynamic vc vc name publicpoolstart ip address count numberlist nat vc vc name port port AND / ORRemote Configuring the DHCP Mode DHCPset dhcp server lease seconds set dhcp server startaddress ip address endaddress ip addressset dhcp server mask ip address set dhcp server router ip addressshow dhcp server counters Configuring the DHCPset dhcp mode relay list dhcp server leasestimeout enable dnsshow dns settings set dnslist dns servers Access ListsIPX Routing 6-32 CHAPTER 6 MANUAL SETUP Enabling IPX Routing Configuring IPX for the LANConfiguring IPX for Remote Site Connections Configuring IPX Static and Framed Routes add ipxroute vc vc name ipxnet ipx network address metric numberadd ipxservice vc vc name hops number Configuring IPX Static and Framed Servicesdelete ipx service name type hex number 6-34 CHAPTER 6 MANUAL SETUPset ipx network network name Configuring IPX RIP and SAPBridging set ipx network network nameConfiguring Bridging for the LAN Configuring Bridging for the Remote Site ConnectionsBridging IP Traffic 6-36 CHAPTER 6 MANUAL SETUPAdvanced Bridging Options show ip settingsset bridge forwarddelay seconds set bridge agingtime secondsset bridge firewall discardroutedprotocols set vc vcname macrouting enableSimultaneous Bridging and Routing System AdministrationSetting Date and Time set bridge firewall fwdunicastonlyset disable ntp Network Time Protocol CLI Commandsset enable ntp For example set date 01-JAN-1998set pollinginterval seconds set timeout secondsset secondaryserver ipnameoraddr set retransmissions numberNTP Servers clock.psu.edu list users show systemset system name name location location contact contact delete user nameSetting Password Protection list tftp clientsexit cli After logging in to the CLI, you can exit the CLI with the command6-46 CHAPTER 6 MANUAL SETUP OfficeConnect Remote 812 Filtering CapabilitiesData Filtering Overview Filter Classes The OCR 812 supports three filter classes Creating Filters Creating Filters UsingCommand Line OverviewProtocol Rules The OR operation can be implemented by successive rules IP 1 ACCEPT src-addr=xxx 2 ACCEPT dst-addr=yyy 999 DENYLENGTH - The number of bytes in the packet to compare to the value IP Protocol Filtering Using CLI IP Source and Destination Network Filtering Using CLIIP Source and Destination Port Filtering Using CLI IP RIP Packet Filtering Using CLIIPX Source and Destination Socket Number Filtering Using CLI IPX Source and Destination Network Filtering Using CLIIPX Source and Destination Host Filtering Using CLI Bridge / Generic Filtering Using CLI IPX RIP Packet Filtering Using CLIIPX SAP Packet Filtering Using CLI IPX 1 ACCEPT src-socket = 999 DENYmemory Using CLICreating Filter Files Assigning Filters by entering the CLI command set interface eth1 filteraccess off Applying Filters UsingInterface Using CLI VC/Remote Site FiltersManaging Filters Using CLIFilter List Using CLI VPN TunnelVC/Remote Site Profile an Interface Using CLIRemoving a Filter from Deleting a Packet Filter6-60 CHAPTER 6 MANUAL SETUP OCR 812 features OFFICECONNECT REMOTE 812 SAMPLE A CONFIGURATIONSample Configuration Overviewenable securityoption remoteuser administration Configuring theGlobal Configuration add user root password !rootdisable bridge spanningtree add bridge network bridge add dns server * vc Internet enable dnsadd ipx network ipx address 10 frame ethernetii enable yes set dhcp server dns1 192.168.200.254 dns2set vc Internet iprouting listen set vc Internet sendname internet-user sendpassword 1a2b3cset vc Internet defaultrouteoption enable enable vc Internet Configuring the Sample Network A-5 set vc corp-net ipxaddress 0 ipxrouting all enable vc corp-netset vc corp-net iprouting both Page add access CLI Command DescriptionCLI Commands vcblknetbiosprimaryaddress ipaddress secondaryaddress ipaddress vcname vcname iproute ipaddress metric number add ip defaultrouteadd framedroute vc name metricaddress ipnetaddress frame ETHERNETII SNAP LOOPBACK interface eth1 address ipxaddress interface eth1 enabled yesadd ip network networkname gateway gatewayaddr metric hopcountadd ipx route ipxnetaddress add ipx service servicenametype servicetype gateway ipxhostaddress metric metricnumber ticks ticknumberadd ipxservice vc name ipxnet ipxaddress metric hopcount ticks ticknumbertype servicetype add ipxroute vc nameCLI Commands B-7 add network service servicename statusservertype servertype socket socketnumber enabled YES data “string” address ipaddress access RO RW Add network service exampleadd networkservice CLIaccess servertype TELNETD socket closeactiveconnections TRUE FALSEaddress ipaddress add snmp trapcommunity nameipnameoraddr add tunnelarp output outputfilename ipnameoraddr add user nameadd vc name enabled yesvcname delete ipx route ipxnetaddress delete ipx service servicenamedelete pat tcp vc type servicetypetunnelname publicaddress ipaddresspublicpoolstart ipaddress entriesDIAL DISABLEdisable ip network bridge forwardingauthentication traps disable snmpinterfacename interface settings command output outputfileENABLE networksinterfacename using list network servicesHANGUP interfacename interface settings commandKILL HELPHISTORY LISTmgmt - unknown, but filtering information exists CLI Commands B-19 If Name - eth1, DA1 or loopbackInterface - eth1, DA1 or loopback Prot - LOCAL or RIP trapcommunities not list access Continue printing PAUSED COMMANDSMore or CR QuitRENAME timeout timeoutvaluePING RESOLVESAVE forwarddelay secondsset command history numerical range idle timeout minutes set bridgeset dhcp relay server2 enabled YES NOset dhcp relay server1 address IPaddressDNS1 IPaddress set dns cachesize number numberretries number timeout secondsset dhcp server DNS2 IPaddressroutingprotocol NONE RIPV1 RIPV2 filteraccess ON OFF inputfilter filtername outputfilter filternameset interface interfacename B-28 APPENDIX B CLI COMMAND DESCRIPTION routerid routerid CLI Commands B-29sap BOTH DISABLE LISTEN RESPONDONLY SEND sapagemultiplier number rip BOTH DISABLE LISTEN RESPONDONLY SEND ripagemultiplier numberrippacketsize number ripupdateinterval number sapupdateinterval numberSets parameters for configured network services set network service adminnamepoolmembers number Sets parameters for dynamic IPX networksFor in-depth information about CHAP and PAP, see RFC A VPN tunnel can only be configured for MSCHAPv1 by using the CLIAuthentication Options MPPE Options address IPaddress access RO RWNONE REQUIRED name “name” transmitauthenticationname nameset system location “location”set user username password passwordsessiontimeout seconds message “message”idletimeout seconds bridging enable disabledefaultrouteoption enable disable ip enable disableCLI Commands B-37 set number categoryofservice Unspecified UBR Variable VBRset vc vcname atm pcr numberSets ATM parameters for VCs Total errored seconds in 15 minutes Total time since system reboot hours, minutes, secondsErrored seconds since last link down Total errored seconds in previous 15 minutesBase Aging Time - time to age out a known MAC address, default FieldsHistory Depth Current Prompt OCR-DSL Local Prompt OCR-DSL settings Problems with Name Server - internal server error show dns counters show dns settings show filter filternameSPECIFIC ERROR COUNTERS OUTPUT COUNTERS ICMP COUNTERSINPUT COUNTERS INPUT COUNTERS show interface interfacename countersshow interface Displays OUTPUT COUNTERSIP Dynamic Address Pool Size - size of IP address range Fragments Needing Reassembly - # of fragmented datagramsIP Dynamic Address Pool Begin - start of IP address range settingsINPUT COUNTERS show ipx counters show ipx network networkname countersOUTPUT COUNTERS settings show ipx ripcounters settingssettings show ipx sapDynamic Address Pool Begin - starting IPX address Default Gateway - default IPX router addressvcname counters vcname settingsname settings name countersSETTINGS for PPP LINK 1 SETTINGS for PPP BUNDLESETTINGS for PPP BUNDLE 1 COMPRESSION Operational Status - opened or not openedshow snmp counters Displays many SNMP statistics INPUT COUNTERSSystem Descriptor - for example System Contact - modify using set systemSystem Location - modify using set system OUTPUT COUNTERSINPUT COUNTERS TCP SETTINGSTCP COUNTERS OUTPUT COUNTERSVERIFY CommandsTELNET verify filterCLI Exit Commands Command FeaturesComments B-58 APPENDIX B CLI COMMAND DESCRIPTIONINDEX Server Input and Output filters contrasted Static Services Passwords Page Page Page HARDWARE 3Com Corporation LIMITED WARRANTYSTANDARD WARRANTY SERVICE SOFTWAREThe Interference Handbook FCC CLASS B STATEMENTFCC DECLARATION OF CONFORMITY ModelDescription