ASYNC ROUTER AR-P, AR-5, AND SYNC ROUTER REFERENCE MANUAL

Use the ripfilter command to configure and modify RIP filters. If enabled, all incoming and outgoing RIP packets are filtered through RIP filters. There are three IPX filter lists:

General (filter command)

RIP (ripfilter command)

SAP (sapfilter command)

Packets are checked for filter matches using these three lists in the order: general list, RIP list, SAP list.

Filtering restrictions apply to packets destined for the Router and those transitioning through the Router. The result of passing a packet to the filtering module is a decision to allow or deny further processing of the packet. The next hop is not considered.

Filtering is based on a prioritized list of filter expressions or FEs. Filter expressions are added to the Router through use of the filter, ripfilter and sapfilter commands. The action specified in the first filter expression found in the Filter list that matches the packet in question is applied.

All IPX filtering is disabled by default. Filtering takes effect when the enable command for a filter list (General, RIP, or SAP) is entered by the user. Filter-list entries stay in place across reboots only if the config save command is entered before restarting.

There is no notion of filter modes. The filter list can be a mix of allowed and denied address/protocol/port/interface/flag/direction specifications.

The default action if no match is found is to allow the packet. A user can override this by specifying a filter expression with wildcard address entries as the lowest priority filter expression.

Subcommands and parameters

ripfilter add name

Adds an RIP packet filter of name name.

name—A 1- to 6-character ASCII identifier chosen by the user to easily reference filter expressions. Each filter expression must have a unique name.

[-iiface [/frame_type]]—Specify a legal interface. See the general description of interfaces at the beginning of this chapter for more information.

ifaceeth0, modem0-4, sync0

frame_type—Specified as part of the interface, and can be either 802.3, 802.2, SNAP or II (for Ethernet Type 2). Use a slash to separate the iface from the frame_type, for example, eth0/802.2. If left unspecified, the default frame_type is 802.3.

[-qquery_type]—Specify the type of query.

query_type—Enter either request or response. If the query_type is not specified, it is assumed to be both, for example, request and response.

[-nserver_name]}—Specify the server name.

server_name—Name the server using an ASCII string of up to 48 characters. If server_name is not specified, then it is assumed to be null (any server name).

-t {allow deny nodial}

199

Page 199
Image 199
Black Box LRA005A-R2, LRS002A-R2, LRA001A-R2 manual 199, Ripfilter add name, Allow deny nodial