Chapter 1

Overview

 

 

Policy – Access Control

The P332G-ML supports Access Control policy. It uses policy lists that contain both Access Control rules and QoS rules, and each policy list is ordered by rule index. Access Control rules define how the P332G-ML should handle routed packets. There are three possible ways to handle such packets:

Forward the packet (Permit operation)

Discard the packet (Deny operation)

Discard the packet and notify the management station (Deny and Notify)

The P332G-ML can enforce Access Control policy on each routed packet, according to the following criteria:

Matching the packet's source or destination IP address to the configured Access Control policy.

Determining whether the packet's source or destination TCP/UDP port number falls within a pre-defined range.

Using the ACK bit of the TCP header.

The P332G-ML Access Control rules are set up using the Command Line Interface and the CajunRules central policy management application.
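The following Python model is an added example, not Avaya code or P332G-ML CLI syntax. It evaluates an index-ordered rule list against the criteria listed above (IP address, port range, ACK bit) and returns one of the three operations. It assumes that the lowest-index matching rule wins and that unmatched packets are denied; the subnet, addresses and rule indexes are constructed.

```python
import ipaddress
from dataclasses import dataclass

PERMIT, DENY, DENY_NOTIFY = "permit", "deny", "deny-and-notify"
ANY_NET, ANY_PORT = "0.0.0.0/0", (0, 65535)

@dataclass(frozen=True)
class Rule:
    index: int                  # position in the policy list
    action: str                 # one of the three operations above
    src: str = ANY_NET
    dst: str = ANY_NET
    sport: tuple = ANY_PORT     # inclusive TCP/UDP source port range
    dport: tuple = ANY_PORT     # inclusive TCP/UDP destination port range
    ack_only: bool = False      # match only TCP segments with the ACK bit set

    def matches(self, pkt):
        in_net = lambda ip, net: ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        in_range = lambda port, rng: rng[0] <= port <= rng[1]
        if self.ack_only and not (pkt["proto"] == "tcp" and pkt.get("ack", False)):
            return False
        return (in_net(pkt["src"], self.src) and in_net(pkt["dst"], self.dst)
                and in_range(pkt["sport"], self.sport)
                and in_range(pkt["dport"], self.dport))

def evaluate(rules, pkt, default=DENY):
    """Return (action, rule index); lowest-index match wins (assumed)."""
    for rule in sorted(rules, key=lambda r: r.index):
        if rule.matches(pkt):
            return rule.action, rule.index
    return default, None        # assumed default when no rule matches

# Constructed policy: 10.1.0.0/16 is the protected subnet.
INSIDE = "10.1.0.0/16"
POLICY = [
    Rule(10, PERMIT, src=INSIDE),                          # outbound traffic
    Rule(20, DENY_NOTIFY, dst=INSIDE, dport=(23, 23)),     # Telnet: drop + alert
    Rule(30, PERMIT, dst=INSIDE, ack_only=True),           # replies to inside hosts
    Rule(40, DENY),                                        # everything else
]

def pkt(src, dst, sport, dport, proto="tcp", ack=False):
    return dict(src=src, dst=dst, sport=sport, dport=dport, proto=proto, ack=ack)

if __name__ == "__main__":
    for p in (pkt("10.1.2.3", "198.51.100.7", 50000, 443),
              pkt("198.51.100.7", "10.1.2.3", 443, 50000, ack=True),
              pkt("198.51.100.7", "10.1.2.3", 40000, 23, ack=True),
              pkt("198.51.100.7", "10.1.2.3", 40000, 80)):
        print(p["src"], "->", p["dst"], p["dport"], evaluate(POLICY, p))
```

Rule 20 is indexed ahead of rule 30 because an ACK-bit match is stateless: it cannot distinguish a genuine reply from any other segment with ACK set, so specific denies must precede the ACK permit.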

DHCP/BOOTP Relay

The P332G-ML supports the DHCP/BOOTP Relay Agent function. The relay agent accepts DHCP/BOOTP requests that are broadcast on one VLAN and sends them to a DHCP/BOOTP server that connects to another VLAN, or to a server that is located across one or more routers and would otherwise not receive the broadcast request. The relay agent also handles the DHCP/BOOTP replies, transmitting them to the client directly or as a broadcast, according to a flag in the reply message. Note that the same DHCP/BOOTP relay agent serves both the BOOTP and DHCP protocols.

When there is more than one IP interface on a VLAN, the P332G-ML chooses one of the IP addresses on this VLAN when relaying the DHCP/BOOTP request. The DHCP/BOOTP server then uses this address to decide from which subnet the address should be allocated.

When the DHCP/BOOTP server is configured to allocate addresses only from a single subnet among the different subnets defined on the VLAN, you may need to configure the P332G-ML with the relay address on that subnet so that the DHCP/BOOTP server can accept the request.

DHCP/BOOTP Relay in the P332G-ML is configurable per VLAN and allows two DHCP/BOOTP servers to be specified. When two servers are specified, the P332G-ML duplicates each request and sends it to both servers. This provides redundancy and prevents the failure of a single server from blocking hosts from loading.

DHCP/BOOTP Relay in P332G-ML can be enabled or disabled.

P332G-ML User’s Guide

9

Avaya P332G-ML manual Policy Access Control, DHCP/BOOTP Relay