Manuals / Echo / Computer Equipment / Network Router

Echo EN55022 manual Appendix G Ip Filter Examples, G.1 Source and Destination IP Address

Models: EN55022

1 59

Download 59 pages 20.16 Kb

Page 52

APPENDIX G IP FILTER EXAMPLES

If IP filtering is active then all packets received are checked against the filter table before processing by the Router. Packets are also compared to the IP Filter Table when the IP Filter is set to Bridge.

The IP Filter can have 32 lines or entries. An entry does not initially become active until the user exits the menu. Future amendments are acted upon immediately after entry.

It should be noted that the filter table is sequentially searched for any IP packet received until a match is found. A filter table with many entries can impose significant processor loading and a leads to increased latency.

The filter table is made up of three elements:

1.Source and destination IP address.

2.Protocol selection

3.Port or socket selection for TCP and UDP packets.

Each section supports a ‘wildcard’ for a match e.g. to pass only TCP packets you would wildcard the source and destination IP address and wildcard the port numbers.

Each line in the filter table can be configured to PASS or FAIL. By default this value is FAIL. Normal operation would put a number of entries in the filter table that would pass packets if a match occurs. It is possible to use the reverse and define each line so that a match results in failure. You could then enter a last line with wildcards in all three sections to pass.

G.1 Source and Destination IP Address

Each filter table entry consists of an IP address and a mask. The IP address in the packet is combined with the mask and compared with the entry in the table. If the result matches then processing continues along the line. If the result fails then the same operation is performed against the next line entry.

Masks are displayed in hexadecimal format for ease of bit identification. Values can be entered in the normal decimal dot notation or as a single hex number e.g. 255.128.0.0 or FF800000. Any value or order of bits can be entered as the mask. A mask of FFCF0040 is a valid mask.

Echo LANlink Router Option User Manual

Issue 1.0 04 December 1997 Page 52 of 59

Image 52

Echo EN55022 manual Appendix G Ip Filter Examples, G.1 Source and Destination IP Address

Contents

Page Router Option User Manual Part Number EA88001AWARNING - BEFORE INSTALLATION, PLEASE REFER TO SAFETY INSTRUCTIONS IN 5SXLANlinkCONTENTS INSTALLATIONUSE AND CONFIGURATION ROUTER MENU OPTIONSAppendix I ROUTER MAINTENANCE MENU Appendix A WARNINGSAppendix B APPROVAL REQUIREMENTS Appendix C EMC REQUIREMENTSGLOSSARY 1 INTRODUCTION Echo LANlink Router Option User ManualFigure 1 Linking two LANs together 1.1 Functional Overview 1.2 Typical ApplicationsFigure 2 Restrictive Firewall Example 2 USE AND CONFIGURATION 2.1 Router Configurationlogin Default terminal VT 100/220/320/420. OK y or n?Supported Terminal Types returnFigure 4 Main Menu Screen 2.4 Router Management Figure 5 Router Management Screen 2.4.1 General Keyboard Conventionsselects/initiates the highlighted option 2.4.2 Parameter SelectionIssue 1.0 04 December 1997 Page 12 of Figure 6 Entering a ParameterEcho LANlink Router Option User Manual 2.5 Multiplexer Management Figure 7 Main Multiplexer Configuration Page2.5.1 Allocating bandwidth to the Router 2.5.3 Clearing the Configuration back to Factory Default 2.6 System StatusFigure 8 Example Timeslot Set-up 2.5.2 Returning to the Main Menu Screen2.6.3 REMOTE ALARM 2.6.6 MAIN LINK HIGH BIT ERROR RATE2.6.8 D/I REMOTE ALARM 2.6.1 MAIN LINK CARRIER LOSS2.6.9 ROUTER WAN LINK STATUS Issue 1.0 04 December 1997 Page 16 ofThe status of the link between the two routers is displayed Echo LANlink Router Option User Manual3 INSTALLATION WARNING - Refer to Appendix A for Safety Instructions3.1 Opening the Multiplexer Figure 9 Echo LANlink Baseboard3.2 Internal Link LK13 3.3 Installing the Router OptionFigure 10 Echo LANlink showing Router Option Fitted 3.4 Testing 3.5 Data Connections3.6 Front Panel LEDs LED Label3.7 Quick Configuration 3.7.1 Multiplexer Configuration3.7.2 Router Configuration 3.7.2.1 Service Name3.7.2.8 IPX Configuration 3.7.2.4 Receive IP RIP3.7.2.5 Transmit IP RIP 3.7.2.6 IP Broadcast3.7.2.11 Receive IPX RIP 3.7.2.12 Transmit IPX RIP3.7.2.13 Receive IPX SAP 3.7.2.14 Transmit IPX SAP4 ROUTER MENU OPTIONS 4.1 UNIT STATUSPARAMETER DESCRIPTION4.2 TRAFFIC ANALYSIS 4.2.1 IP ROUTING TABLEPARAMETER DESCRIPTION4.2.2 IP ARP TABLE PARAMETERDESCRIPTION PARAMETERPARAMETER 4.2.3 IPX RIP TABLEDESCRIPTION PARAMETER 4.2.4 IPX SAP TABLEDESCRIPTION 4.3 NETWORK LOADING 4.2.5 SHOW TRAFFIC DETAILSPARAMETER DESCRIPTION4.4.2 NAME SERVER CONFIGURATION 4.4 REMOTE MANAGEMENT4.4.1 TELNET OUT PARAMETER4.4.2.1 NAME TO IP CACHE 4.4.3 SECURITYPARAMETER DESCRIPTION4.5 UNIT CONFIGURATION 4.4.4 SNMP SETUPPARAMETER DESCRIPTION4.6 SERVICE SETUP 4.6.1 ETHERNET SERVICE SETUPPARAMETER DESCRIPTIONPARAMETER OPTIONSDESCRIPTION Packet4.6.2 WAN SERVICE SETUP PARAMETERDESCRIPTION OPTIONS4.6.2.1 PPP SETUP PARAMETERDESCRIPTION OPTIONS4.7 FILTER SETUP 4.7.1 MAC FILTERS WAN or EthernetMENU SELECTION DESCRIPTION4.7.2 IP FILTER WAN or Ethernet LIST PARAMETERMENU SELECTION DESCRIPTION4.7.3 IPX SAP FILTER MENU WAN or Ethernet Network Address 32 bitsMENU SELECTION DESCRIPTIONNode Address 48 bits MENU SELECTIONDESCRIPTION LIST PARAMETER4.7.4 IPX HEADER FILTERS MENU SELECTIONDESCRIPTION LIST PARAMETER4.8 EVENTS 4.7.5 NOVELL KEEP-ALIVESMENU SELECTION DESCRIPTION4.8.1 PPP EVENTS 4.8.2 SYSTEM EVENTSFLASH ERASE ERROR PARAMETER FLASH PROGRAMMING TIMEOUT FLASH VERIFY ERRORIssue 1.0 04 December 1997 Page 43 of Echo LANlink Router Option User ManualINSTALLATION OF EQUIPMENT Installation of this equipment must only beperformed by suitably trained service safety status of which are defined belowInstallation des Gerätes v EXT CLOCK vi ALARM port vii AUI port viii 10BASE-T portWarnung Dieses Gerät Muß an einem Ansc hluß mitMise en garde Installation de léquipment Mise en garde Cet équipement doit être relié a la terreMise en garde Connexion dautres équipements i port SupervisorIssue 1.0 04 December 1997 Page 47 of APPENDIX B APPROVAL REQUIREMENTSEcho LANlink Router Option User Manual Issue 1.0 04 December 1997 Page 48 of APPENDIX C EMC REQUIREMENTSEcho LANlink Router Option User Manual Issue 1.0 04 December 1997 Page 49 of APPENDIX D REAR PANEL LAYOUTEcho LANlink Router Option User Manual APPENDIX E AUI PORT 15-WAY D-TYPE PINOUT SCREENACX+ +12VAPPENDIX F 10BASE-T RJ45 PORT PINOUT SHELLAPPENDIX G IP FILTER EXAMPLES G.1 Source and Destination IP AddressG.1.1 Examples G.2 PROTOCOL SELECTIONG.2.1 Examples G.3 Source and Destination PortsG.3.1 Examples APPENDIX H IP SUBNETS Class A AddressNetwork 8 bits Unit 24 bitsAPPENDIX I ROUTER MAINTENANCE MENU I.1 KERMITI.3 Download New Firmware using TFTP I.2 Download New Firmware using TCP loaderI.4 Restore Configuration using TFTP I.6 Set Default Gateway I.8 Reset PasswordI.9 Boot File Using TCP Loader I.5 Set New IP AddressI.10 Boot File Using TFTP Loader I.11 Run Monitor