Output for Interior Router Example | Avocent Cyclades-PR2000

Cyclades-PR2000

The configuration for “Stop forged packets” is shown in the following listing:

Rules Lists
Rule List Name	Rule	Default	List	Linked
	Status	Scope	Type	Rule
				List
slot1_in	Enabled	Permit	Filter
Filter_list Name slot1_in
Rule 0
Status		Enabled
Scope		Deny
Protocol		0
Source IP Operator		Equal
Source IP start		10.0.0.0
Source IP Mask		255.0.0.0
Destination IP	Operator	None
Source Port Operator		None
Destination Port Operator		None
TCP connections allowed		Y
Account Process allowed		N

FIGURE 12.6 OUTPUT FOR INTERIOR ROUTER EXAMPLE

Slot1_in, rule 0, prohibits any incoming packets with source IP addresses of the internal network. Since the addresses used for internal networks cannot be routed on the Internet, they cannot be valid unless there is a leak of traffic through another router to the perimeter network.

Imagine that, as shown in the figure, the network is expanded and another range of IP addresses is used (not a sub-network). Rule 0 in the list Slot1_in will not protect this network. Either another rule can be added to this list, or the new router can filter packets into its area (or both).

Chapter 12 - Filters and Rules

104

Image 104

Avocent Cyclades-PR2000 installation manual Output for Interior Router Example

Contents

Cyclades-PR2000 Canadian DOC Notice Cyclades-PR2000 Installation ManualFCC Warning Statement Table of Contents Static Routing Dynamic Routing 112 127 HOW to USE this Manual Installation Assumptions Text Conventions CONFIG=INTERFACE=L Convention DescriptionIcons Icon Meaning Why CONFIGURATION=ALL Cyclades Technical Support and Contact Information Cyclades Corporation USA Interface What is in the BOXTo Wall Outlet Gender Changer DB-25 DB-9 Male RJ-45 Male RJ-45 to DB-25 DB-25 Male RS-232 Modem With DB-25 Interface Using CyROS Menus Login Prompt and Main Menu Lmi-typeANSI, Group of four, None Ansi CONFIGURATION=TO Flash Special Keys Cyros Management Utility CyROS Management Utility Cyclades-PR2000 STEP-BY-STEP Instructions for Common Applications RS-232 Modem Network IP PC192.168.0.0Host PR2000 Host 192.168.0.30 255.255.255.0 Step ONE Parameter Example Your ApplicationIP MTU NAT Step TWO Step Three Swan Network Protocol IP Menu Parameters Step Four Mlppp Step Five Step SIX Step Nine Step SevenStep Eight Instructions for creating a backup of the configuration file Instructions for listing the configuration Example 2 a LAN-to-LAN Example Using Frame Relay Network IP MaskETH0 PR2000 200.240.230.1 10 Ethernet Network Protocol Menu Parameters 11 Swan Physical Menu Parameters 12 Swan Network Protocol IP Menu Parameters CIR Snap IPLMI 14 DLC Configuration Menu Parameters Dlci 15 Static Route Menu Parameters Instructions for creating a backup of the configuration file Example 3 Link Backup 17 Traffic Control Parameters Swan 18 Addition of the Primary Main Link This parameter has no effect for link backup. For load 20 Multilink Circuit Attributes 21 Static Backup Route Parameters Instructions for creating a backup of the configuration file Parameter Description Configuration of the Ethernet InterfaceIP Network Protocol Config =RULES LIST=IP=CONFIGURE RULES=ADD RULE=ALLOW Incoming IP Accounting IP Bridge 200.240.240.9 200.240.240.3 200.240.240.2 200.240.240.1PR2000 Link PR3000 200.240.240.8 200.240.240.4 Other Parameters Swan and Async Interfaces Clock Source is always External Step TWO Protocol Be used for authentication Network Protocols Network Protocol IP Protocol Detailed Incoming IP Accounting Transparent Bridge Protocol DATA-LINK Protocols Encapsulation PPP The Point-to-Point Protocol PPP Menu Char Frame Relay PppcharHdlc CONFIG=INTERFACE=SWAN =TRAFFIC Control =GENERAL =BANDWIDTH T391 Interval between the LMI Status Enquiry messages N391 Dlci 200.1.1.1 São Paulo Rio de Janeiro Network Salvador Recife Network For static address mapping Switch / DCE Router / DTE Menu CONFIG=INTERFACE=LINK=ENCAPSULATION =X.25 Menu With PAD Packet Assembler/Disassembler Routing Protocols Routing StrategiesStatic Routing Dynamic Routing Static Routes 142.10.0.0 Mask192.168.100.0 10.0.0.0 Unnumbered Interfaces Add Static Route Menu Config =STATIC Routes =IP =ADD Route RIP Configuration Ospf Ospf Configuration on the Interface 10Mbps, 65 for T1, 1785 for 56kbps, etc Ospf Global Configurations =ROUTING Protocol =OSPF =ADVERTISE this NON-OSPF Interface CONFIG=STATIC ROUTES=IP=ADD ROUTE=OSPF Advertises this=PASSWORD Applies when Area Range N Status is Active Only when Virtual Link Status is Active =IP=OSPF=AREA=AUTHENTICATION Type BGP-4 Configuration Example System with PR2000 in AS 100 Being Configured 255.255.255.0 200.50.50.0 PR3000 200.200.200.2 Tele Brutus CONFIG=IP=BGP4=GLOBAL CONFIG=IP=BGP4=BGP NETWORK=ADD CONFIG=IP=BGP4=NEIGHBOR=ADD Route Reflector Client Step Three Parameter Description Route PR3000 RredUp Ro 100.10.0.0/16 Routes Seq Rule Message From Tele Popeye Route Map Parameter Description Message From Tele Popeye Rule Seq RuleDiscardedDiscarded RoutesRoutes CONFIG=IP=BGP4=ROUTE MAP=ADD CONFIG=IP=BGP4=AGGREGATE ADDRESSES=ADD Creation of the host table Creation of user accounts and passwordsCYROS, the Operating System Slip Detailed information can be accessed via Snmp IP Accounting NAT Network Address Translation Global Address Range Ftp Network Server MaskNetworks 192.168.0.0 Server 192.168.0.31 Translated Types of Address Translation Menu Option Description Interface. Five minutes is a reasonable time Step Four Configuration of IP Filters Rules and Filters Rules List Rule List Exterior Router Perimeter Network Slot 192.168.0.0 Bastion Host 10.0.0.0 Extension to Network Let Telnet Connections Out Exterior RouterLet Mail out Filters and Rules 100 Output for Exterior Router Example Filters and Rules 102 Stop Telnets From the Outside Except Bastion Host Stop Forged Packets Don’t Allow Access to NewsInterior Router Output for Interior Router Example Client B Traffic Rule ListsLink 33.33.33.1 25% or less Filters and Rules 106 Output Showing Parameters for Traffic Rule Example Filters and Rules 108 Mail Server Web Client Mail Server Web ServerPort 25 Smtp 10 Output Showing Parameters for Traffic Rule Example Number Mac Address 00 60 2E 00 11 IPX Internetwork Packet ExchangeInternal Network Enabling IPX Configuring the Ethernet InterfaceConfiguring Other Interfaces Parameter Value for the Example Frame RelayRouting SAP Service Advertisement Protocol Table Routing Table for the Example Virtual Private Network Configuration Virtual Private Network Configuration 116 Link IP10..255.255.0 Router IP AddressRSG3 Remote IP Network 9.1 Security Gateway Router Link IP172.16.0.0 Link Virtual Private Network Configuration 118 Virtual Private Network Configuration 119 Appendix a Troubleshooting Boot Code stepTest CPU What to Do if the Router Does Not Work or Stops Working Event CPU LED Morse code Testing the Ethernet Interface Host host00 Testing the WAN Interfaces Figure A.3 General Statistics Table Appendix a Troubleshooting 124 Cyclades PR2000 LEDs Appendix B Hardware Specifications LAN Interface External InterfacesWAN Interfaces Asynchronous Interface Console Interface Cables Straight-Through Cable Female Retention Screw Male DB-25 Female Signal Pin PGnd DB-25 M.34 AdaptorTxClkDTE B TxClkDTE a ASY/Modem Cable Cross Cable 20 DTR Signal Pin Pin Signal PGnd TxD RxDCross Cable DB-25 Loopback Connector Figure B.10 Loopback Connector DB-25 Male Requirements Appendix C Configuration Without a ConsoleProcedure RIP Snmp Cyclades Philippines