Configuring ACLs

Command Attributes (Cont.)

• Source/Destination

Decimal number representing the port bits to match.

Port Bitmask:

• Range: 0-65535

 

 

• Control Code:

Decimal number (representing a bit string) that specifies flag bits in byte 14 of

 

the TCP header.

 

• Range: 0-63

 

 

• Control Code Bitmask:

Decimal number representing the code bits to match.

 

The control bitmask is a decimal number (for an equivalent binary bit mask) that

 

is applied to the control code. Enter a decimal number, where the equivalent

 

binary bit “1” means to match a bit and “0” means to ignore a bit. The following

 

bits may be specified:

 

• 1 (fin) – Finish

 

• 2 (syn) – Synchronize

 

• 4 (rst) – Reset

 

• 8 (psh) – Push

 

• 16 (ack) – Acknowledgement

 

• 32 (urg) – Urgent pointer

 

For example, use the code value and mask below to catch packets with the

 

following flags set:

 

• SYN flag valid, use control-code 2, control bitmask 2

 

• Both SYN and ACK valid, use control-code 18, control bitmask 18

 

SYN valid and ACK invalid, use control-code 2, control bitmask 18

 

 

Configuring an Extended IP ACL - Web

Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP).

If you select “Host,” enter a specific address.

If you select “IP,” enter a subnet address and the mask for an address range.

Set any other required criteria, such as service type, protocol type, or TCP control code. Then click Add.

FIG. 75 Configuring Extended ACLs

Configuring an Extended IP ACL - CLI

This example adds three rules:

1.Accept any incoming packets if the source address is in subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through.

2.Allow TCP packets from class C addresses 192.168.1.0 to any destination address when set for destination TCP port 80 (i.e., HTTP).

3.Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”

76

NXA-ENET24 - Software Management Guide

Page 96
Image 96
AMX NXA-ENET24 manual Configuring an Extended IP ACL Web, Configuring an Extended IP ACL CLI

NXA-ENET24 specifications

The AMX NXA-ENET24 is a versatile and powerful networked control interface designed to meet the growing demands of modern AV systems. This network switch offers an exceptional combination of reliability, performance, and scalability, making it an ideal choice for professional environments such as conference rooms, educational facilities, and control rooms.

One of the key features of the NXA-ENET24 is its 24-port configuration, allowing for extensive connectivity options. Each port supports 10/100/1000 Mbps speeds, ensuring that high bandwidth applications are handled with ease. Additionally, the switch incorporates advanced auto-negotiation technology, which automatically configures the optimal speed and duplex mode for connected devices. This ensures seamless connectivity and minimizes the risk of network disruptions.

The NXA-ENET24 is designed with advanced management capabilities, including support for VLANs, which helps to segment network traffic for enhanced security and performance. Network administrators can easily create virtual local area networks to optimize traffic flow and reduce congestion. This feature is particularly beneficial in environments where multiple AV systems operate concurrently.

Another significant characteristic of the NXA-ENET24 is its support for Power over Ethernet, or PoE. This feature enables the switch to deliver electrical power alongside data through the network cables. As a result, devices such as IP cameras, VoIP phones, and wireless access points can be powered directly from the switch, simplifying deployment and reducing the need for additional power sources.

Monitoring and management of the switch are made easier through a user-friendly interface. The NXA-ENET24 supports SNMP for network management, allowing users to monitor performance metrics, configure settings, and receive alerts in case of issues. This level of oversight is crucial for maintaining the stability of AV systems in mission-critical applications.

Durability is another hallmark of the NXA-ENET24 design. The switch features a robust chassis that is engineered to withstand the rigors of professional use. With cooling mechanisms in place and a fanless design, the NXA-ENET24 operates quietly and efficiently, making it suitable for environments where noise is a concern.

In conclusion, the AMX NXA-ENET24 is a powerful, reliable, and feature-rich network switch that effectively supports modern AV applications. With its extensive connectivity options, advanced management capabilities, PoE support, and durable design, it is an excellent choice for integrators and organizations looking to optimize their network infrastructure.