Manuals / Avocent / Computer Equipment / Network Router

Avocent Cyclades-PR2000 installation manual Deny, Exterior Router

Models: Cyclades-PR2000

1 136

Download 136 pages 56.31 Kb

Page 99

Exterior Router

Cyclades-PR2000

Exterior Router

The exterior router is the network’s first defense against attacks. For this reason, it is reasonable to prohibit all packets except for those explicitly allowed. This is done by choosing the Default Scope to be Deny. Thus, ALL desired traffic must be expressly allowed by the rules in the rule list.

DENY

Let

e-mail out

Wo
	rl
	d
	of
		P
			o
			s
			s
			i
			b
			l
			e
			P
			a
			c
	Let		k
	Let		s
			e
			t
	e-mail in
	DENY

DENY

Let Telnet

Connections Out

FIGURE 12.3 DENY AS DEFAULT SCOPE

In Figure 12.3, a conceptual equivalent of the interface is shown. All packets except those which fall into the holes in the ball will be denied entry in to or out of the network.

Chapter 12 - Filters and Rules

99

Image 99

Avocent Cyclades-PR2000 installation manual Deny, Exterior Router

Contents

Cyclades Corporation Installation ManualAccess Router Cyclades-PR2000Cyclades-PR2000 Installation Manual FCC Warning StatementCanadian DOC Notice Table of Contents Special KeysIP Bridge Static Routing OSPF Configuration on the InterfaceOSPF Global Configurations The IP ProtocolCreation of user accounts and passwords The LAN Interface DB-25 Loopback ConnectorTable of Contents The WAN InterfacesCHAPTER 1 HOW TO USE THIS MANUAL Text Conventions Installation AssumptionsIcon ConventionDescription IconsCyclades Technical Support and Contact Information Cyclades-PR2000 Cyclades CorporationChapter 1 - How to Use This Manual Phone + 01 510 Fax + 01 510 41829 Albrae Street Fremont, CA USACHAPTER 2 WHAT IS IN THE BOX DB-25Back Panel of PR2000 Back Panel of PR2000 Quick Installation ManualConfig Chapter 3 Using CyROS MenusConnection Using the Console Cable and a Computer or Terminal PR2000 login super PR2000 PasswordAll menus have the following elements Special Keys Cyros Management Utility The CyROS Management UtilityCyclades-PR2000 Chapter 3 - Using CyROS MenusNetwork Mask Example 1 Connection to an Internet Access Provider via ModemCHAPTER 4 STEP-BY-STEP INSTRUCTIONS FOR COMMON APPLICATIONS Speed 38.4kFIGURE 4.2 ETHERNET NETWORK PROTOCOL MENU PARAMETERS ParameterExample Your ApplicationYour Application STEP TWOParameter ExampleFIGURE 4.4 SWAN NETWORK PROTOCOL IP MENU PARAMETERS ParameterExample Your ApplicationFIGURE 4.5 PPP ENCAPSULATION MENU PARAMETERS ParameterExample Your ApplicationParameter ParameterExample Your ApplicationYour Application STEP SEVENParameter ExampleInstructions for listing the configuration Instructions for creating a backup of the configuration file100.130.130.1 Example 2 A LAN-to-LAN Example Using Frame RelayCentral Offices Remote Site’sFIGURE 4.10 ETHERNET NETWORK PROTOCOL MENU PARAMETERS ParameterExample Your ApplicationDSU/CSU, the Clock Source is External ParameterExample Your ApplicationFIGURE 4.12 SWAN NETWORK PROTOCOL IP MENU PARAMETERS ParameterExample Your ApplicationYour Application sending end must be using the same headerParameter ExampleYour Application FIGURE 4.14 DLC CONFIGURATION MENU PARAMETERSParameter ExampleFIGURE 4.15 STATIC ROUTE MENU PARAMETERS ParameterExample Your ApplicationChapter 4 - Step-by-Step Instructions Instructions for creating a backup of the configuration fileInstructions for listing the configuration Cyclades-PR2000FIGURE 4.16 PRIMARY AND SECONDARY BACKUP LINKS BETWEEN TWO LANS Example 3 Link BackupParameter ParameterExample Your ApplicationParameter ParameterExample Your ApplicationExample This parameter has no effect for link backup. For loadThis parameter has no effect for link backup. For load ParameterYour Application FIGURE 4.21 STATIC BACKUP ROUTE PARAMETERSParameter ExampleInstructions for listing the configuration Instructions for creating a backup of the configuration fileDescription CHAPTER 5 CONFIGURATION OF THE ETHERNET INTERFACEThe IP Network Protocol ParameterParameter DescriptionIncoming IP Accounting FIGURE 5.1 IP BRIDGE EXAMPLE IP BridgeOther Parameters ParameterDescription the Clock Source is always External CHAPTER 6 THE SWAN AND ASYNC INTERFACESParameter DescriptionSTEP TWO Description ParameterCHAPTER 7 NETWORK PROTOCOLS ConfigThe IP Protocol ParameterDescription Parameter DescriptionDetailed Incoming IP Accounting For the Spanning Tree Algorithm, a priority is given to each link in the router and to The Transparent Bridge ProtocolParameter DescriptionParameter CHAPTER 8 DATA-LINK PROTOCOLS ENCAPSULATIONPPP The Point-to-Point Protocol Applies when Enable Van Jacobson IP Header Compression is Yes . ThisParameter DescriptionLCP Link Control Protocol messages are normally exchanged to monitor the status of Description CHARcommunication. When Start is used, a connection is attempted as soon as the line ParameterTraffic Control based on Data Link Connection PPPCHARHDLC Frame Relayend must be using the same header type NLPID or SNAP as the router on the receiving end ParameterDescription 200.1.1.1 DLCI200.1.1.4 200.1.1.3 Router200.1.1.1 200.1.1.2Description ParameterFIGURE 8.2 PUBLIC X.25 NETWORK EXAMPLE X.25Switch / DCE X.25X.25 Menu CONFIG=INTERFACE=LINK=ENCAPSULATION =X.25 ParameterDescription X.25 Menu Continued ParameterDescription X.25 with PAD Packet Assembler/Disassembler ParameterDescription CHAPTER 9 ROUTING PROTOCOLS Routing Strategies Static RoutingDynamic Routing 142.10.0.4 Static RoutesNetwork 142.10.0.3A Network Slot192.168.100.1 ETH0Both Examples -- To access all hosts in Network 3, its mask, 255.255.255.0, is used ParameterDescription RIP Configuration ParameterDescription AREA Backbone OSPFAREA AN AUTONOMOUS SYSTEMOSPF Configuration on the Interface ParameterDescription are configured in CONFIG = INTERFACE =LINK =NETWORK PROTOCOL =IP OSPF Global Configurations ParameterDescription Description ParameterDescription ParameterDescription Parameteronly when Virtual Link Status is Active ParameterDescription BGP-4 Configuration FIGURE 9.4 EXAMPLE SYSTEM WITH PR2000 IN AS 100 BEING CONFIGURED Tele Popeye200.50.50.0 Description ParameterDescription ParameterDescription ParameterCONFIG=IP=BGP4=NEIGHBOR=ADD continued esir d ParameterDescription ROUTE MAP Applies only for Access List Type equal to AS Path. Limits the search on AS number to ParameterDescription FIGURE 9.7 ROUTE MAP ASSOCIATED WITH AN ACCESS LIST Alters the weight used to determine the best path. This value replaces the importance ParameterDescription Description ParameterCreation of user accounts and passwords CHAPTER 10 CYROS, THE OPERATING SYSTEMCreation of the host table User Name Password User Type Super, Usr, Auto, or PPPAuto IP Accounting CHAPTER 11 NAT NETWORK ADDRESS TRANSLATION 200.240.230.2200.200.200.11 200.200.200.10 NAT Local Addresses # address range NAT Enabled NAT mode Expanded Port map translation EnabledUDP Timeout min DNS Timeout min TCP Timeout min TCP flags Timeout min NAT Global Addresses # address range 1 200.240.230.225 toTypes of Address Translation Description Menu OptionDescription Menu OptionDescription ParameterDescription ParameterCHAPTER 12 RULES AND FILTERS Configuration of IP FiltersFIGURE 12.1 THE RULES LIST MENU TREE ConfigSame as Add Rule ListFIGURE 12.2 FIREWALL EXAMPLE Exterior Router DENYSteps necessary to activate filtering on the exterior router in the example Destination IP Operator FIGURE 12.4 OUTPUT FOR EXTERIOR ROUTER EXAMPLELinked exterioroutFIGURE 12.4 OUTPUT FOR EXTERIOR ROUTER EXAMPLE CONTINUED Interior Router PERMITFIGURE 12.6 OUTPUT FOR INTERIOR ROUTER EXAMPLE Filterlist Name slot1inDestination Port Operator Traffic Rule Lists 3 Service Prioritization FIGURE 12.8 OUTPUT SHOWING PARAMETERS FOR TRAFFIC RULE EXAMPLE 11.11.11.0Destination Port Page Port Any PortRequests DataThe configured rules will appear as shown in the following listing FIGURE 13.1 IPX NETWORK EXAMPLE CHAPTER 13 IPX INTERNETWORK PACKET EXCHANGEETH0 SlotConfiguring the Ethernet Interface Configuring Other InterfacesEnabling IPX Value for the Example Frame RelayX.25 RoutingFIGURE 13.2 ROUTING TABLE FOR THE EXAMPLE The SAP Service Advertisement Protocol TableCHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATION PR3000PR4000 Page REMOTE SECURITY NETWORK REMOTE SECURITY NETWORKLOCAL SECURITY NETWORK PR2000STEP THREE Description ParameterTest APPENDIX A TROUBLESHOOTINGWhat to Do if the Login Screen Does Not Appear When Using a Console Boot Code stepWhat to Do if the Router Does Not Work or Stops Working EventCPU LED Morse code Testing the Ethernet Interface Testing the WAN Interfaces The next 4 columns indicate bytes and packets sent and received Cyclades - PR2000 LEDsSafety APPENDIX B HARDWARE SPECIFICATIONS General SpecificationsPower Requirements external DC adapter Physical SpecificationsETHERNET PORT External InterfacesThe WAN Interfaces The LAN InterfaceCONSOLE PORT The Asynchronous InterfaceASYNCHRONOUS PORT The Console InterfaceThe Straight-Through Cable CablesFIGURE B.7 DB-25 - M.34 ADAPTOR - DB-25 FEMALE TO M.34 MALE DB-25 - M.34 AdaptorSignal The ASY/Modem CableThe Cross Cable SignalFIGURE B.9 CROSS CABLE - DB-25 MALE TO DB-25 MALE Cyclades-PR2000 DB-25 Loopback ConnectorFIGURE B.10 LOOPBACK CONNECTOR - DB-25 MALE Appendix B - Hardware SpecificationsAPPENDIX C CONFIGURATION WITHOUT A CONSOLE ProcedureRequirements Index C CablesCyclades Philippines