Chapter 10: Security Configuration Guide

creating additional delay. Therefore, one should consider the potential performance impact before turning on ACL Logging.

Maintaining ACLs Offline Using TFTP or RCP

The SSR provides two mechanisms to maintain and manipulate ACLs. The traditional method, used by some of the other popular routers, requires the use of TFTP or RCP. With this mechanism, the administrator is encouraged to create and modify ACLs on a remote host. The administrator can use his or her favorite editor to edit, delete, replace or reorder ACL rules in a file. Once the changes are made, the administrator can then download the ACLs to the router using TFTP or RCP and make them take effect on the running system.

The following example describes how one can use TFTP to help maintain ACLs on the SSR. Suppose the following ACL commands are stored in a file on some host:

no acl *
acl 101 deny tcp 10.11.0.0/16 10.12.0.0/16
acl 101 permit tcp 10.11.0.0 any
acl 101 apply interface ssr12 input

The first command, no acl *, negates all commands that start with the keyword, “acl”. This tells the router to remove the application and the definition of any ACL. The administrator can be more selective if he or she wants to remove only ACL commands related to, for instance, ACL 101 by saying, no acl 101 *. The negation of all related ACL commands is important because it removes any potential confusion caused by the addition of new ACL rules to existing rules. Basically, the no acl command cleans up the system for the new ACL rules.

Once the negation command is executed, the second and the third commands proceed to redefine ACL 101. The final command applies the ACL to interface ssr12.

If the changes are accessible from a TFTP server, one can download and make the changes take effect by issuing commands like the following:

copy tftp://10.1.1.12/config/acl.changes to scratchpad
copy scratchpad to active

The first copy command downloads the file acl.changes from a TFTP server and puts the commands into the temporary configuration area, scratchpad. The administrator can re-examine the changes if necessary before committing the changes to the running system.

The second copy command makes the changes take effect by copying from the scratchpad to the active running system.

If the administrator needs to re-order or modify the ACL rules, one must make the changes in the acl.changes file on the remote host, download the changes and make them effective again.
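A missing negation or apply line in acl.changes only shows up once the commands are active, so the file is worth checking on the remote host before it is downloaded. The following Python script is an added example, not part of the Cabletron manual; it assumes only the command forms shown above (no acl ... *, acl NAME permit/deny ..., acl NAME apply ...), and the function name lint_acl_file is hypothetical.

```python
# Added example: offline consistency check for an ACL change file.
# Constructed sample input: the acl.changes contents from the text above.
ACL_CHANGES = """\
no acl *
acl 101 deny tcp 10.11.0.0/16 10.12.0.0/16
acl 101 permit tcp 10.11.0.0 any
acl 101 apply interface ssr12 input
"""


def lint_acl_file(text):
    """Return a list of findings; an empty list means the file is consistent."""
    findings, cleared, warned, applied = [], set(), set(), set()
    rules = {}  # ACL name -> number of permit/deny rules seen so far
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok:
            continue
        if tok[:2] == ["no", "acl"] and tok[-1] == "*":
            # "no acl *" clears every ACL; "no acl 101 *" clears only ACL 101.
            cleared.add(tok[2])
            continue
        if tok[0] != "acl" or len(tok) < 3:
            findings.append(f"line {n}: not a recognised acl command")
            continue
        name, verb = tok[1], tok[2]
        # Without a prior negation, the new rules are added to whatever
        # rules for this ACL already exist on the router.
        if not ({"*", name} & cleared) and name not in warned:
            warned.add(name)
            findings.append(f"line {n}: acl {name} changed without prior negation")
        if verb in ("permit", "deny"):
            rules[name] = rules.get(name, 0) + 1
        elif verb == "apply":
            if name not in rules:
                findings.append(f"line {n}: acl {name} applied with no rules")
            applied.add(name)
        else:
            findings.append(f"line {n}: unknown acl keyword {verb!r}")
    # The negation also removes the application, so an ACL that is
    # redefined but not re-applied in the file filters nothing.
    for name in sorted(set(rules) - applied):
        findings.append(f"acl {name} is defined but never applied")
    return findings


if __name__ == "__main__":
    for finding in lint_acl_file(ACL_CHANGES) or ["no findings"]:
        print(finding)
```
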

SmartSwitch Router User Reference Manual

175


9032578-02 specifications

Cabletron Systems 9032578-02 is a notable component in the realm of networking equipment, especially recognized for its robust performance and reliability. As part of Cabletron’s commitment to delivering high-quality networking solutions, this device has become integral for many organizations seeking efficient data management.

One of the standout features of the 9032578-02 is its advanced switching capabilities. With the ability to manage multiple data streams seamlessly, it ensures that data packets are routed efficiently, minimizing latency and maximizing throughput. This is particularly crucial in environments where high-volume data transfer is the norm, such as in data centers or enterprises with extensive digital infrastructures.

The device is equipped with various connectivity options that enhance its versatility. These include support for multiple types of network interfaces, allowing for easy integration into existing systems. Whether it's Ethernet connections or fiber optics, the 9032578-02 accommodates diverse network requirements, making it suitable for various applications across different industries.

In terms of technology, the Cabletron Systems 9032578-02 employs cutting-edge networking protocols that ensure secure and reliable communication. This includes support for both IPv4 and IPv6 protocols, which future-proofs the device as organizations transition to newer standards. The incorporation of Quality of Service (QoS) features further enhances its capability to prioritize critical network traffic, ensuring that bandwidth-intensive applications receive the necessary resources for optimal performance.

Another critical characteristic of the 9032578-02 is its scalability. Organizations can expand their network infrastructure without the need for complete system overhauls. This modularity allows businesses to grow and adapt to changing demands while maintaining investment in their existing technology.

Additionally, Cabletron integrates advanced monitoring and management tools within the 9032578-02. Network administrators can easily track performance metrics, analyze traffic patterns, and troubleshoot issues in real-time. This level of visibility is essential for maintaining a stable network environment, particularly in dynamic organizational settings.

In summary, Cabletron Systems 9032578-02 is synonymous with high performance, scalability, and advanced technology. Its comprehensive features make it an excellent choice for organizations requiring reliable networking solutions that can adapt to evolving demands and ensure efficient data communication across their systems.