Output for IP Filtering Example | Avocent Cyclades-PR4000 guide

Cyclades-PR4000

Filter_list Name exterior_out
Rule 0
Status		Enabled
Scope		Permit
Protocol		TCP
Source IP Operator		Equal
Source IP start		192.168.0.3
Source IP Mask		255.255.255.255
Destination IP	Operator	None
Source Port Operator		Equal
Source Port Start		SMTP
Destination Port	Operator	Greater than
Destination Port Start		1023
TCP connections allowed		N
Account Process allowed		N

FIGURE 12.4 OUTPUT FOR IP FILTERING EXAMPLE

Interior Router

If an interior router exists in the network, the administrator may decide to use a Default Scope of Permit. In this case, all undesired traffic must be excluded by a rule in the rule list. In Figure 12.5, a conceptual equivalent of the interface is shown.

All packets except those which fall into the holes in the ball will be allowed entry in to or out of the network.

Chapter 14 - Filters and Rules

129

Image 129

Avocent Cyclades-PR4000 installation manual Output for IP Filtering Example, Interior Router

Contents

Cyclades-PR4000 Cyclades-PR4000 Installation Manual FCC Warning StatementCanadian DOC Notice Table of Contents IP Bridge 119 139 156 HOW to USE this Manual Installation Assumptions Text Conventions CONFIG=INTERFACE=LConvention Description Icons Cyclades Technical Support and Contact Information CONFIGURATION=ALL USA Cyclades Corporation What is in the BOX Swan Expansion Card Slot with Swan RSV Card or DB-25 MaleWith M.34 Interface Signaling ISDN-PRI CCS or CAS Provisioning the T1/E1 Dialup LinesNumber of Phone Lines One-Way or Two-Way Service Isdn Switch Type ISDN-PRI onlyData/Voice Support Phone Numbers, Hunting Groups, and Hunting Sequence Line Coding Signaling Method and Dialing Method T1 CAS-BR onlyFraming Termination at the Customer Premises Using CyROS Menus Lmi-typeANSI, Group of four, None a Special Keys Discard, save to Flash, or save to Run configuration CyROS Management Utility Cyros Management Utility CyROS Management Utility Slot #2 Port #26 Status CyROS Management Utility Operating the Front-Panel Display LCD Modem Order Modem Overview ND no Slot/Link Order Interface Overview Screen Interface Overview IP Traffic Syslog MessagesSystem Info STEP-BY-STEP Instructions for Common Applications Example 1 Using the PR4000 as a Remote Access Server Server RadiusNetwork Mask PR4000 Telephone Number Parameter Example Your Application Step ONEIP MTU NAT E1/T1 Controller Menu Parameters Radius Server Parameters Step Three Step Five Step Four Instructions for listing the configuration Host 192.168.0.0PR4000 Host 192.168.0.11 Parameter Example Your Application Swan Physical Menu Parameters Global Assigned because the IP 10 PPP Encapsulation Menu Parameters Mlppp Step SIX 11 Static Route Menu Parameters Configuration =TO Flash Step Nine Step SevenStep Eight Instructions for listing the configuration Configuration of the Ethernet Interface IP Network ProtocolParameter Description Incoming IP Accounting Config =RULES LIST=IP=CONFIGURE RULES=ADD RULE=ALLOW 200.240.240.9 200.240.240.3 200.240.240.2 200.240.240.1 IP BridgePR4000 Link PR3000 200.240.240.8 200.240.240.4 Other Parameters Clock Source is always External Swan Interface Step TWO Protocol Be used for authentication Rest Same as Add Group E1 and T1 INTERFACES, Without Signaling Otherwise, see chapter Menu Item Description CONFIG=INTERFACE=T1/E1=CHANNEL Hdlc Step Four Controller Menu Tree E1 and T1 INTERFACES, with Signaling CONFIG=CONTROLLER=T1/E1 CCS Signaling Mode ISDN-PRI Integrated Isdn LineBRI Line Router Analog Line Remote Users ISDN-PRI Interface Configuration Menu Tree Timeout function CAS Signaling Mode Integrated CAS LineRouter Analog Line Remote Users Interface E1/T1 CAS One Channel Parameters Independent of Signaling ModeRange All Channels Multilink Options Channel Menu CONFIG=INTERFACE=T1/E1=CHANNEL Modem Internet Service Provider LANServer IP Address PR4000IP Address Router a SIgnaling Config Interface E1/T1 Channel =MODEMS =DIGITAL Modem Parameter Description RAS Profile Interface T1/E1 Channel Wizards TS ProfileLAN-to-LAN Profile Copy From Channel Ansi Menu Items Description 12 Parameters SET by the RAS Wizard 13 Parameters SET by the LAN-TO-LAN Wizard Network Protocol Network Protocols IP Protocol Detailed Incoming IP Accounting Transparent Bridge Protocol PPP The Point-to-Point Protocol DATA-LINK Protocols Encapsulation PPP Menu Char Pppchar HdlcFrame Relay Parameter Description 200.1.1.1 Dlci Salvador Recife Network São Paulo Rio de Janeiro Network Parameter Description Switch / DCE Modem orRouter / DTE Step ONE Menu With PAD Packet Assembler/Disassembler Routing Strategies Routing ProtocolsStatic Routing Dynamic Routing 142.10.0.0 Mask Static Routes192.168.100.0 10.0.0.0 Interfaces Unnumbered Add Static Route Menu Config =STATIC Routes =IP =ADD Route RIP Configuration Ospf Ospf Configuration on the Interface 10Mbps, 65 for T1, 1785 for 56kbps, etc Ospf Global Configurations CONFIG=STATIC ROUTES=IP=ADD ROUTE=OSPF Advertises this =PASSWORD=ROUTING Protocol =OSPF =ADVERTISE this NON-OSPF Interface Applies when Area Range N Status is Active =IP=OSPF=AREA=AUTHENTICATION Type Only when Virtual Link Status is Active BGP-4 Configuration 255.255.255.0 200.50.50.0 PR3000 200.200.200.2 Tele Brutus Example System with PR3000 in AS 100 Being Configured CONFIG=IP=BGP4=BGP NETWORK=ADD CONFIG=IP=BGP4=GLOBAL Route Reflector Client CONFIG=IP=BGP4=NEIGHBOR=ADD Routing Protocols 107 Route PR3000 Rred Up Ro 100.10.0.0/16Parameter Description Seq Rule Message From Tele Popeye Route Map Routes Routing Protocols 110 Seq Rule DiscardedDiscarded RoutesRoutesMessage From Tele Popeye Rule CONFIG=IP=BGP4=ROUTE MAP=ADD CONFIG=IP=BGP4=AGGREGATE ADDRESSES=ADD Creation of user accounts and passwords CYROS, the Operating SystemCreation of the host table Slip IP Accounting Detailed information can be accessed via Snmp PR4000 With NAT Network Address Translation Translated Types of Address Translation Menu Option Description Interface. Five minutes is a reasonable time NAT 122 Rules and Filters Configuration of IP Filters Rule List Rules List Bastion Host 10.0.0.0 Extension to Network Exterior Router Perimeter Network Slot 192.168.0.0 Exterior Router Let Mail outLet Telnet Connections Out Filters and Rules 127 TCP Interior Router Output for IP Filtering Example Stop Telnets From the Outside Except Bastion Host Stop Forged Packets Don’t Allow Access to News Filters and Rules 131 Traffic Rule Lists Link 33.33.33.1 25% or lessClient B Filters and Rules 133 Filterlist Name traffic1 Output Showing Parameters for Traffic Rule Example Back Operator Start IPX Network IPX Internetwork Packet ExchangeInternal Network Number Mac Address 00 60 2E 00 11 Configuring the Ethernet Interface Configuring Other InterfacesEnabling IPX Frame Relay RoutingParameter Value for the Example Routing Table for the Example SAP Service Advertisement Protocol Table Virtual Private Network Configuration Virtual Private Network Configuration 143 Router IP Address Link IP10..255.255.0RSG3 Remote IP Network 9.1 Security Gateway Router Link IP172.16.0.0 Link Virtual Private Network Configuration 145 Virtual Private Network Configuration 146 Test CPU Boot Code step Appendix a Troubleshooting Event Port 2 LED Morse code What to Do if the Router Does Not Work or Stops Working Testing the Ethernet Interface Testing the WAN Interface Testing the Two T1/E1 Ports Use of a Cross Cable for Testing T1/E1 Ports and Modems How to Test the Modems DPS Test Results 113 General Specifications Appendix B. Hardware SpecificationsPower Requirements Physical Specifications Console Port External InterfacesConsole Port RTS DTR Ethernet Port Ethernet PortTPTX+ Tptx TPRX+ Tprx T1/E1 Interface T1 and E1 Straight-Through Cable Cables Cross Cable DB-25 Male Cyclades Router Signal Pin PGnd Router-MD / V.35 CablePin 13 B 10 F 15 S 17 T 24 W 11 U DB-25 to M.34 Adapter Cross Cable for Testing the T1/E1 Ports ISO 2110 Standard Cable Signal Pin PGndDB-25 Male Modem Cyclades Router TxD/V.35 B TxD/V.35 a RxD/V.35 B RxD/V.35 a RJ-45 Male E1 / DB-15 Cable Appendix C Configuration Without a Console ProcedureRequirements Appendix D Installation of Additional Digital Modems Appendix D Installation of Additional Digital ModemsStep One Step Two Step Five Step Four Step Six Clamp SlotStep Seven Step Eight Step NineClamp Step Eleven Step Ten Index 172 Index 173 Cyclades Philippines