Manuals / Avocent / Computer Equipment / Network Router

Avocent Cyclades-PR2000 6 OUTPUT FOR INTERIOR ROUTER EXAMPLE, Filterlist Name slot1in

Models: Cyclades-PR2000

1 136

Download 136 pages 56.31 Kb

Page 104

Cyclades-PR2000

The configuration for “Stop forged packets” is shown in the following listing:

Rules Lists
Rule List Name	Rule	Default	List	Linked
	Status	Scope	Type	Rule
				List
slot1_in	Enabled	Permit	Filter
Filter_list Name slot1_in
Rule 0
Status		Enabled
Scope		Deny
Protocol		0
Source IP Operator		Equal
Source IP start		10.0.0.0
Source IP Mask		255.0.0.0
Destination IP	Operator	None
Source Port Operator		None
Destination Port Operator		None
TCP connections allowed		Y
Account Process allowed		N

FIGURE 12.6 OUTPUT FOR INTERIOR ROUTER EXAMPLE

Slot1_in, rule 0, prohibits any incoming packets with source IP addresses of the internal network. Since the addresses used for internal networks cannot be routed on the Internet, they cannot be valid unless there is a leak of traffic through another router to the perimeter network.

Imagine that, as shown in the figure, the network is expanded and another range of IP addresses is used (not a sub-network). Rule 0 in the list Slot1_in will not protect this network. Either another rule can be added to this list, or the new router can filter packets into its area (or both).

Chapter 12 - Filters and Rules

104

Image 104

Avocent Cyclades-PR2000 6 OUTPUT FOR INTERIOR ROUTER EXAMPLE, Filterlist Name slot1in, Destination Port Operator

Contents

Installation Manual Access RouterCyclades-PR2000 Cyclades CorporationCanadian DOC Notice Cyclades-PR2000 Installation ManualFCC Warning Statement IP Bridge Table of ContentsSpecial Keys OSPF Configuration on the Interface OSPF Global ConfigurationsThe IP Protocol Static RoutingCreation of user accounts and passwords DB-25 Loopback Connector Table of ContentsThe WAN Interfaces The LAN InterfaceCHAPTER 1 HOW TO USE THIS MANUAL Installation Assumptions Text ConventionsConvention DescriptionIcons IconCyclades Technical Support and Contact Information Cyclades Corporation Chapter 1 - How to Use This ManualPhone + 01 510 Fax + 01 510 41829 Albrae Street Fremont, CA USA Cyclades-PR2000Back Panel of PR2000 CHAPTER 2 WHAT IS IN THE BOXDB-25 Quick Installation Manual Back Panel of PR2000Chapter 3 Using CyROS Menus Connection Using the Console Cable and a Computer or TerminalPR2000 login super PR2000 Password ConfigAll menus have the following elements Special Keys The CyROS Management Utility Cyros Management UtilityChapter 3 - Using CyROS Menus Cyclades-PR2000Example 1 Connection to an Internet Access Provider via Modem CHAPTER 4 STEP-BY-STEP INSTRUCTIONS FOR COMMON APPLICATIONSSpeed 38.4k Network MaskParameter ExampleYour Application FIGURE 4.2 ETHERNET NETWORK PROTOCOL MENU PARAMETERSSTEP TWO ParameterExample Your ApplicationParameter ExampleYour Application FIGURE 4.4 SWAN NETWORK PROTOCOL IP MENU PARAMETERSParameter ExampleYour Application FIGURE 4.5 PPP ENCAPSULATION MENU PARAMETERSParameter ExampleYour Application ParameterSTEP SEVEN ParameterExample Your ApplicationInstructions for creating a backup of the configuration file Instructions for listing the configurationExample 2 A LAN-to-LAN Example Using Frame Relay Central OfficesRemote Site’s 100.130.130.1Parameter ExampleYour Application FIGURE 4.10 ETHERNET NETWORK PROTOCOL MENU PARAMETERSParameter ExampleYour Application DSU/CSU, the Clock Source is ExternalParameter ExampleYour Application FIGURE 4.12 SWAN NETWORK PROTOCOL IP MENU PARAMETERSsending end must be using the same header ParameterExample Your ApplicationFIGURE 4.14 DLC CONFIGURATION MENU PARAMETERS ParameterExample Your ApplicationParameter ExampleYour Application FIGURE 4.15 STATIC ROUTE MENU PARAMETERSInstructions for creating a backup of the configuration file Instructions for listing the configurationCyclades-PR2000 Chapter 4 - Step-by-Step InstructionsExample 3 Link Backup FIGURE 4.16 PRIMARY AND SECONDARY BACKUP LINKS BETWEEN TWO LANSParameter ExampleYour Application ParameterParameter ExampleYour Application ParameterThis parameter has no effect for link backup. For load This parameter has no effect for link backup. For loadParameter ExampleFIGURE 4.21 STATIC BACKUP ROUTE PARAMETERS ParameterExample Your ApplicationInstructions for creating a backup of the configuration file Instructions for listing the configurationCHAPTER 5 CONFIGURATION OF THE ETHERNET INTERFACE The IP Network ProtocolParameter DescriptionIncoming IP Accounting ParameterDescription IP Bridge FIGURE 5.1 IP BRIDGE EXAMPLEDescription Other ParametersParameter CHAPTER 6 THE SWAN AND ASYNC INTERFACES ParameterDescription the Clock Source is always ExternalSTEP TWO Parameter DescriptionConfig CHAPTER 7 NETWORK PROTOCOLSDescription The IP ProtocolParameter Detailed Incoming IP Accounting ParameterDescription The Transparent Bridge Protocol ParameterDescription For the Spanning Tree Algorithm, a priority is given to each link in the router and toCHAPTER 8 DATA-LINK PROTOCOLS ENCAPSULATION PPP The Point-to-Point ProtocolApplies when Enable Van Jacobson IP Header Compression is Yes . This ParameterLCP Link Control Protocol messages are normally exchanged to monitor the status of ParameterDescription CHAR communication. When Start is used, a connection is attempted as soon as the lineParameter DescriptionPPPCHAR HDLCFrame Relay Traffic Control based on Data Link ConnectionDescription end must be using the same header type NLPID or SNAP as the router on the receiving endParameter DLCI 200.1.1.1Router 200.1.1.1200.1.1.2 200.1.1.4 200.1.1.3Parameter DescriptionX.25 Switch / DCEX.25 FIGURE 8.2 PUBLIC X.25 NETWORK EXAMPLEDescription X.25 Menu CONFIG=INTERFACE=LINK=ENCAPSULATION =X.25Parameter Description X.25 Menu ContinuedParameter Description X.25 with PAD Packet Assembler/DisassemblerParameter Dynamic Routing CHAPTER 9 ROUTING PROTOCOLS Routing StrategiesStatic Routing Static Routes Network142.10.0.3 142.10.0.4Slot 192.168.100.1ETH0 A NetworkDescription Both Examples -- To access all hosts in Network 3, its mask, 255.255.255.0, is usedParameter Description RIP ConfigurationParameter OSPF AREAAN AUTONOMOUS SYSTEM AREA BackboneDescription OSPF Configuration on the InterfaceParameter are configured in CONFIG = INTERFACE =LINK =NETWORK PROTOCOL =IP Description OSPF Global ConfigurationsParameter Parameter DescriptionParameter DescriptionParameter DescriptionDescription only when Virtual Link Status is ActiveParameter BGP-4 Configuration 200.50.50.0 FIGURE 9.4 EXAMPLE SYSTEM WITH PR2000 IN AS 100 BEING CONFIGUREDTele Popeye Parameter DescriptionParameter DescriptionParameter DescriptionCONFIG=IP=BGP4=NEIGHBOR=ADD continued Description esir dParameter ROUTE MAP Description Applies only for Access List Type equal to AS Path. Limits the search on AS number toParameter FIGURE 9.7 ROUTE MAP ASSOCIATED WITH AN ACCESS LIST Description Alters the weight used to determine the best path. This value replaces the importanceParameter Parameter DescriptionCreation of the host table Creation of user accounts and passwordsCHAPTER 10 CYROS, THE OPERATING SYSTEM User Name Password User Type Super, Usr, Auto, or PPPAuto IP Accounting 200.200.200.11 200.200.200.10 CHAPTER 11 NAT NETWORK ADDRESS TRANSLATION200.240.230.2 NAT Enabled NAT mode Expanded Port map translation Enabled UDP Timeout min DNS Timeout min TCP Timeout min TCP flags Timeout minNAT Global Addresses # address range 1 200.240.230.225 to NAT Local Addresses # address rangeTypes of Address Translation Menu Option DescriptionMenu Option DescriptionParameter DescriptionParameter DescriptionConfiguration of IP Filters CHAPTER 12 RULES AND FILTERSConfig Same as AddRule List FIGURE 12.1 THE RULES LIST MENU TREEFIGURE 12.2 FIREWALL EXAMPLE DENY Exterior RouterSteps necessary to activate filtering on the exterior router in the example FIGURE 12.4 OUTPUT FOR EXTERIOR ROUTER EXAMPLE Linkedexteriorout Destination IP OperatorFIGURE 12.4 OUTPUT FOR EXTERIOR ROUTER EXAMPLE CONTINUED PERMIT Interior RouterDestination Port Operator FIGURE 12.6 OUTPUT FOR INTERIOR ROUTER EXAMPLEFilterlist Name slot1in Traffic Rule Lists 3 Service Prioritization Destination Port FIGURE 12.8 OUTPUT SHOWING PARAMETERS FOR TRAFFIC RULE EXAMPLE11.11.11.0 Page Port RequestsData Port AnyThe configured rules will appear as shown in the following listing CHAPTER 13 IPX INTERNETWORK PACKET EXCHANGE ETH0Slot FIGURE 13.1 IPX NETWORK EXAMPLEEnabling IPX Configuring the Ethernet InterfaceConfiguring Other Interfaces Frame Relay X.25Routing Value for the ExampleThe SAP Service Advertisement Protocol Table FIGURE 13.2 ROUTING TABLE FOR THE EXAMPLEPR4000 CHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATIONPR3000 Page REMOTE SECURITY NETWORK LOCAL SECURITY NETWORKPR2000 REMOTE SECURITY NETWORKSTEP THREE Parameter DescriptionAPPENDIX A TROUBLESHOOTING What to Do if the Login Screen Does Not Appear When Using a ConsoleBoot Code step TestCPU LED Morse code What to Do if the Router Does Not Work or Stops WorkingEvent Testing the Ethernet Interface Testing the WAN Interfaces The next 4 columns indicate bytes and packets sent and received LEDs Cyclades - PR2000APPENDIX B HARDWARE SPECIFICATIONS General Specifications Power Requirements external DC adapterPhysical Specifications SafetyExternal Interfaces The WAN InterfacesThe LAN Interface ETHERNET PORTThe Asynchronous Interface ASYNCHRONOUS PORTThe Console Interface CONSOLE PORTCables The Straight-Through CableDB-25 - M.34 Adaptor FIGURE B.7 DB-25 - M.34 ADAPTOR - DB-25 FEMALE TO M.34 MALEThe ASY/Modem Cable The Cross CableSignal SignalFIGURE B.9 CROSS CABLE - DB-25 MALE TO DB-25 MALE DB-25 Loopback Connector FIGURE B.10 LOOPBACK CONNECTOR - DB-25 MALEAppendix B - Hardware Specifications Cyclades-PR2000Requirements APPENDIX C CONFIGURATION WITHOUT A CONSOLEProcedure C Cables IndexCyclades Philippines