Cabletron Systems CSX1200 manual TCP and UDP Ports, Neq, Range, IP Filters Background Information

Models: CSX1000 CSX1200


CONFIGURING ADVANCED IP ROUTING

IP Filters

TCP AND UDP PORTS

These elements allow filtering based on the TCP Source and Destination Port fields, which are treated as 16-bit unsigned quantities (0-65535). These can be used to trap applications that have well-known port addresses, such as Telnet, FTP, etc. The packet’s port value is compared to the value in the type using the specified operator:

EQ: equal to <port>

NEQ: not equal to <port>

LT: less than <port>

GT: greater than <port>

RANGE: inclusive range, <port1> <= packet port value <= <port2>

Examples:

EQ 23: TCP port for the Telnet protocol.

RANGE 0 65535: Any TCP port (wild card and default).

TCP CONTROL

This element accesses the control bits of the TCP header, which are utilized to initiate and maintain the state of a TCP connection. “ANY” is the wild card and default value. TCP packets whose ACK or RST control bits are set will match the ESTABLISHED value, since they belong to an established connection. Conversely, a TCP packet which is attempting to open a new connection will carry neither of these bits and will match the NOT-ESTABLISHED value.
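The port operators and the TCP CONTROL match described above, modelled in Python as an added example (not Cabletron code or CSX configuration syntax). The function names and the sample headers are assumptions constructed for illustration; the point shown is that the ESTABLISHED value is derived from the ACK and RST bits of each segment alone.

```python
import struct

# Flag bit masks in byte 13 of the TCP header (RFC 793).
RST, SYN, ACK = 0x04, 0x02, 0x10

def port_match(op, value, *operands):
    """Apply one of the manual's port operators to a 16-bit port value."""
    if not all(0 <= p <= 65535 for p in (value, *operands)):
        raise ValueError("ports are 16-bit unsigned quantities")
    if op == "RANGE":
        low, high = operands
        return low <= value <= high          # inclusive at both ends
    (port,) = operands
    return {"EQ": value == port, "NEQ": value != port,
            "LT": value < port, "GT": value > port}[op]

def tcp_control(flags):
    """Classify a segment from its header bits alone; no connection state is kept."""
    return "ESTABLISHED" if flags & (ACK | RST) else "NOT-ESTABLISHED"

def parse_tcp(header):
    """Return (source port, destination port, flag byte) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack_from("!HH", header, 0)
    return sport, dport, header[13]

def make_header(sport, dport, flags):
    """Build a constructed 20-byte TCP header for the samples below."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

def classify(header, op, *operands):
    """Destination-port match plus TCP CONTROL value for one segment."""
    _, dport, flags = parse_tcp(header)
    return port_match(op, dport, *operands), tcp_control(flags)

# Constructed sample segments (not captured traffic).
SAMPLES = {
    "telnet SYN": make_header(40000, 23, SYN),
    "telnet SYN+ACK reply": make_header(23, 40000, SYN | ACK),
    "bare ACK to 23": make_header(40001, 23, ACK),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        print(name, classify(hdr, "EQ", 23))
```

The third sample carries only ACK and follows no handshake, yet it classifies as ESTABLISHED, which matters when a filter relies on that value to admit return traffic.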

ICMP TYPE AND CODE

These fields allow filtering based on the specific function of an ICMP packet, via the Type and Code fields. Using an operator of EQUAL or NOT EQUAL, the packet’s Type/Code is compared against the target values. These values may be a numeric quantity between 0 and 255; or the mnemonic “ANY” can be used with an EQUAL comparison as the wild card value.

IP FILTERS BACKGROUND INFORMATION

A filter is a list of conditions. It is the logical element which is applied to a point in the routing process to control packet flow. Each condition within a filter is created from one of the previously defined packet types, along with the action to take when a packet matches that type.

IP Filters modify the normal processing flow of an IP packet as it passes through the various stages of IP Processing. When an IP packet encounters a filter, the filter’s output - DISCARD or FORWARD - determines if the packet has permission to continue. There are two types of IP Filters. Forwarding Filters are selectively applied to the key locations in the IP routing process. The Connection Filter is applied to those datagrams which trigger a WAN connection in order to satisfy the forwarding process.

The following illustrates a packet that is passing through a filter. The packet is checked against each of the individual conditions of the filter before an action is performed:
