Manuals / Avocent / TV and Video / Home Theater Server

Avocent Cyclades-PR4000 installation manual Filters and Rules 131

Models: Cyclades-PR4000

1 174

Download 174 pages 19.29 Kb

Page 131

Cyclades-PR4000

Rules Lists
Rule List Name	Rule	Default	List	Linked
	Status	Scope	Type	Rule
				List
slot1_in	Enabled	Permit	Filter
Filter_list Name slot1_in
Rule 0
Status		Enabled
Scope		Deny
Protocol		0
Source IP Operator		Equal
Source IP start		10.0.0.0
Source IP Mask		255.0.0.0
Destination IP	Operator	None
Source Port Operator		None
Destination Port Operator		None
TCP connections allowed		Y
Account Process allowed		N

Slot1_in, rule 0, prohibits any incoming packets with source IP addresses of the internal network. Since the addresses used for internal networks cannot be routed on the Internet, they cannot be valid unless there is a leak of traffic through another router to the perimeter network.

Imagine that, as shown in the figure, the network is expanded and another range of IP addresses is used (not a sub-network). Rule 0 in the list Slot1_in will not protect this network. Either another rule can be added to this list, or the new router can filter packets into its area (or both).

Chapter 14 - Filters and Rules

131

Image 131

Avocent Cyclades-PR4000 installation manual Filters and Rules 131

Contents

Cyclades-PR4000 Canadian DOC Notice Cyclades-PR4000 Installation ManualFCC Warning Statement Table of Contents IP Bridge 119 139 156 HOW to USE this Manual Installation Assumptions Icons CONFIG=INTERFACE=LText Conventions Convention DescriptionCyclades Technical Support and Contact Information CONFIGURATION=ALLUSA Cyclades CorporationWhat is in the BOX With M.34 Interface Swan Expansion CardSlot with Swan RSV Card or DB-25 Male Number of Phone Lines Signaling ISDN-PRI CCS or CASProvisioning the T1/E1 Dialup Lines Phone Numbers, Hunting Groups, and Hunting Sequence Isdn Switch Type ISDN-PRI onlyOne-Way or Two-Way Service Data/Voice SupportTermination at the Customer Premises Signaling Method and Dialing Method T1 CAS-BR onlyLine Coding FramingUsing CyROS Menus Lmi-typeANSI, Group of four, None a Special Keys Discard, save to Flash, or save to Run configurationCyROS Management Utility Cyros Management UtilityCyROS Management Utility Slot #2 Port #26 Status CyROS Management Utility Operating the Front-Panel Display LCDModem Order Modem OverviewND no Slot/Link OrderInterface Overview Screen Interface OverviewSystem Info IP TrafficSyslog Messages STEP-BY-STEP Instructions for Common Applications Example 1 Using the PR4000 as a Remote Access ServerMask PR4000 Telephone Number RadiusServer NetworkNAT Step ONEParameter Example Your Application IP MTUE1/T1 Controller Menu Parameters Radius Server Parameters Step ThreeStep Five Step FourInstructions for listing the configuration 192.168.0.11 192.168.0.0Host PR4000 HostParameter Example Your Application Swan Physical Menu Parameters Global Assigned because the IP 10 PPP Encapsulation Menu Parameters MlpppStep SIX 11 Static Route Menu ParametersStep Eight Configuration =TO Flash Step NineStep Seven Instructions for listing the configuration Parameter Description Configuration of the Ethernet InterfaceIP Network Protocol Incoming IP Accounting Config =RULES LIST=IP=CONFIGURE RULES=ADD RULE=ALLOW200.240.240.8 200.240.240.4 IP Bridge200.240.240.9 200.240.240.3 200.240.240.2 200.240.240.1 PR4000 Link PR3000Other Parameters Clock Source is always External Swan InterfaceStep TWO Protocol Be used for authentication Rest Same as Add Group E1 and T1 INTERFACES, Without SignalingOtherwise, see chapter Menu Item Description CONFIG=INTERFACE=T1/E1=CHANNELHdlc Step Four Controller Menu Tree E1 and T1 INTERFACES, with SignalingCONFIG=CONTROLLER=T1/E1 BRI Line Router Analog Line Remote Users CCS Signaling Mode ISDN-PRIIntegrated Isdn Line ISDN-PRI Interface Configuration Menu Tree Timeout function Router Analog Line Remote Users CAS Signaling ModeIntegrated CAS Line All Channels Parameters Independent of Signaling ModeInterface E1/T1 CAS One Channel RangeMultilink Options Channel Menu CONFIG=INTERFACE=T1/E1=CHANNELModem Internet Service ProviderIP Address LANServerIP Address PR4000 Router a SIgnaling Config Interface E1/T1 Channel=MODEMS =DIGITAL Modem Parameter Description Copy From Channel Interface T1/E1 Channel Wizards TS ProfileRAS Profile LAN-to-LAN ProfileAnsi Menu Items Description12 Parameters SET by the RAS Wizard 13 Parameters SET by the LAN-TO-LAN Wizard Network Protocol Network ProtocolsIP Protocol Detailed Incoming IP Accounting Transparent Bridge Protocol PPP The Point-to-Point Protocol DATA-LINK Protocols EncapsulationPPP Menu Char Frame Relay PppcharHdlc Parameter Description 200.1.1.1 DlciSalvador Recife Network São Paulo Rio de Janeiro NetworkParameter Description Router / DTE Switch / DCEModem or Step ONE Menu With PAD Packet Assembler/Disassembler Dynamic Routing Routing ProtocolsRouting Strategies Static Routing10.0.0.0 Static Routes142.10.0.0 Mask 192.168.100.0Interfaces UnnumberedAdd Static Route Menu Config =STATIC Routes =IP =ADD Route RIP Configuration Ospf Ospf Configuration on the Interface 10Mbps, 65 for T1, 1785 for 56kbps, etc Ospf Global Configurations =ROUTING Protocol =OSPF =ADVERTISE this NON-OSPF Interface CONFIG=STATIC ROUTES=IP=ADD ROUTE=OSPF Advertises this=PASSWORD Applies when Area Range N Status is Active =IP=OSPF=AREA=AUTHENTICATION Type Only when Virtual Link Status is ActiveBGP-4 Configuration 255.255.255.0 200.50.50.0 PR3000 200.200.200.2 Tele Brutus Example System with PR3000 in AS 100 Being ConfiguredCONFIG=IP=BGP4=BGP NETWORK=ADD CONFIG=IP=BGP4=GLOBALRoute Reflector Client CONFIG=IP=BGP4=NEIGHBOR=ADDRouting Protocols 107 Parameter Description Route PR3000 RredUp Ro 100.10.0.0/16 Seq Rule Message From Tele Popeye Route Map RoutesRouting Protocols 110 Message From Tele Popeye Rule Seq RuleDiscardedDiscarded RoutesRoutes CONFIG=IP=BGP4=ROUTE MAP=ADD CONFIG=IP=BGP4=AGGREGATE ADDRESSES=ADD Creation of the host table Creation of user accounts and passwordsCYROS, the Operating System Slip IP Accounting Detailed information can be accessed via SnmpPR4000 With NAT Network Address TranslationTranslated Types of Address Translation Menu Option Description Interface. Five minutes is a reasonable time NAT 122 Rules and Filters Configuration of IP FiltersRule List Rules ListBastion Host 10.0.0.0 Extension to Network Exterior Router Perimeter Network Slot 192.168.0.0Let Telnet Connections Out Exterior RouterLet Mail out Filters and Rules 127 TCP Interior Router Output for IP Filtering ExampleStop Telnets From the Outside Except Bastion Host Stop Forged Packets Don’t Allow Access to NewsFilters and Rules 131 Client B Traffic Rule ListsLink 33.33.33.1 25% or less Filters and Rules 133 Filterlist Name traffic1 Output Showing Parameters for Traffic Rule Example Back Operator Start Number Mac Address 00 60 2E 00 11 IPX Internetwork Packet ExchangeIPX Network Internal NetworkEnabling IPX Configuring the Ethernet InterfaceConfiguring Other Interfaces Parameter Value for the Example Frame RelayRouting Routing Table for the Example SAP Service Advertisement Protocol TableVirtual Private Network Configuration Virtual Private Network Configuration 143 IP172.16.0.0 Link Link IP10..255.255.0Router IP Address RSG3 Remote IP Network 9.1 Security Gateway Router LinkVirtual Private Network Configuration 145 Virtual Private Network Configuration 146 Test CPU Boot Code step Appendix a TroubleshootingEvent Port 2 LED Morse code What to Do if the Router Does Not Work or Stops WorkingTesting the Ethernet Interface Testing the WAN Interface Testing the Two T1/E1 Ports Use of a Cross Cable for Testing T1/E1 Ports and ModemsHow to Test the Modems DPS Test Results 113 Physical Specifications Appendix B. Hardware SpecificationsGeneral Specifications Power RequirementsRTS DTR External InterfacesConsole Port Console PortTPTX+ Tptx TPRX+ Tprx Ethernet PortEthernet Port T1/E1 Interface T1 and E1Straight-Through Cable CablesCross Cable Pin 13 B 10 F 15 S 17 T 24 W 11 U DB-25 Male Cyclades Router Signal Pin PGndRouter-MD / V.35 Cable DB-25 to M.34 Adapter Cross Cable for Testing the T1/E1 Ports TxD/V.35 B TxD/V.35 a RxD/V.35 B RxD/V.35 a Signal Pin PGndISO 2110 Standard Cable DB-25 Male Modem Cyclades RouterRJ-45 Male E1 / DB-15 CableRequirements Appendix C Configuration Without a ConsoleProcedure Step Two Appendix D Installation of Additional Digital ModemsAppendix D Installation of Additional Digital Modems Step OneStep Five Step FourStep Seven Step SixClamp Slot Clamp Step EightStep Nine Step Eleven Step TenIndex 172 Index 173 Cyclades Philippines