Manuals / NetComm / Computer Equipment / Network Router

NetComm NB712 manual Rule Order, 10.0.0.0 172.16.6.0 Permit 10.1.99.0 172.16.0.0 Deny Any

Models: NB712

1 117

Download 117 pages 38.86 Kb

Page 55

Rule Order

The order of the rules affects the ﬁltering result. The ﬁltering process will proceed from top to bottom, changing the order will give a different result. For example:

Rule	Source Address	Destination Address	Action
A	10.0.0.0	172.16.6.0	Permit
B	10.1.99.0	172.16.0.0	Deny
C	Any	Any	Deny

Where “0” at the last eight bits indicates “from 1 to 254”, “0” at any eight bits preceding “0”, “0.0” or “0.0.0” indicates “from 1 to 254”. On the other hand, “0” and all “0” successive with “0” represents any.

When the rule is ordered as ABC.

Index	Source Address	Destination Address	Action
1	10.1.99.1	172.16.1.1	Deny (B)
2	10.1.99.1	172.16.6.1	Permit (A)
3	10.1.1.1	172.16.6.1	Permit (A)
4	10.1.1.1	172.16.1.1	Deny (C)
5	192.168.3.4	172.16.6.1	Deny (C)

The rule order will permit 10.1.99.1 to access 172.16.6.1.

When the rule is ordered as BAC.

Index	Source Address	Destination Address	Action
1	10.1.99.1	172.16.1.1	Deny (B)
2	10.1.99.1	172.16.6.1	Deny (B)
3	10.1.1.1	172.16.6.1	Permit (A)
4	10.1.1.1	172.16.1.1	Deny (C)
5	192.168.3.4	172.16.6.1	Deny (C)

The rule order will deny 10.1.99.1 to access 172.6.6.1.

NB712 /	NB714 User Guide	55
YML829	Rev1

Image 55

NetComm NB712 manual Rule Order, 10.0.0.0 172.16.6.0 Permit 10.1.99.0 172.16.0.0 Deny Any, When the rule is ordered as ABC

Contents

Page Contents NB714 User Guide Package Contents FeaturesIntroduction Security SpeciﬁcationRouting BridgingWAN Interface IndicatorsATM QoS AAL5 EncapsulationProduct Information ApplicationPhysical/Electrical MemoryFirewall Packet Filtering Types of FirewallThere are three types of ﬁrewall Circuit Gateway Denial of Service AttackApplication Gateway UDP Flood Ping of deathSYN Flood Icmp FloodFrame Speciﬁcation Vlan Virtual Local Area NetworkVID uniquely identiﬁes the Vlan to which the frame belongs ApplicationsFront Panel Getting to know the routerLED status LAN 1,2,3,4 Rear PanelCheck the Ethernet Adapter in PC Connecting your G.SHDSL Modem RouterCheck the Terminal Access Program Determine Connection SettingBridge EoA Route EoA IPoA PPPoA Port router with network topology Install the Shdsl RouterPPPoE Cross-over Ethernet cables can be usedConﬁguration via Web Browser Router, which will lose any previous conﬁguration System error or disconnection Basic SetupClick Basic for basic installation LAN Parameters Bridge ModeEnter Host Name Enter VPI Enter VCI Click LLC Click Next WAN1 ParametersRouting Mode Dhcp Client Click Next to setup WAN1 parametersLAN IP Type Subnet Mask Dhcp ServerIP type IP AddressDNS Server Trigger Dhcp ServiceRelay Dhcp relayFor more information, refer to the section on NAT/DMZ PPPoE or PPPoAAAL5 Encap ProtocolIdle Time PasswordPassword Conﬁrm UsernameEprom Gateway IPoA or EoAEprom Advanced Setup Data Rate Annex TypeLink Type Data rateReconnect for better line connection Shdsl SNR marginMargin range is from 0 to Margin, the better the line connectionWAN PCR Peak Cell Rate in kbps QoS Quality of ServiceUBR Unspeciﬁed Bit Rate CBR Constant Bit RateBridge Eprom Vlan Packets PvidPress Modify RIP ModeRoute Auto RIP SummaryRIP Version Authentication requiredPoison Reverse NAT/DMZ Count Global Start IP Address Multi-DMZMulti-NAT Virtual Start IP AddressVirtual Server Basic Firewall Security FirewallAutomatic Firewall Security Connections and will be unresponsive Advanced Firewall SecurityClick Advanced Firewall Security and then press Finish SYN AttackPing of death attack attempts to crash your system by Addresses originating from your networkDest. IP Address DirectionDescription Src. IP AddressFiltering rule will be conﬁgured as follow Filtering Rule for Smtp connectionFiltering Result Update Filtering RuleRule Order When the rule is ordered as ABC10.0.0.0 172.16.6.0 Permit 10.1.99.0 172.16.0.0 Deny Any IP QoS NB714 User Guide Administration Security NB712 / NB714 User Guide MIB SnmpCommunity Snmp statusVersion Community Click on Time Sync Time SyncTime Server Sntp serviceTime Zone Utility System Info Lose all the conﬁgured parameters Restore ConﬁgurationBackup Conﬁguration 10.2 Conﬁg ToolUpgrade To logout the router, press logout LogoutRestart You can monitor the following StatusCO side LAN-to-LAN connection with bridge ModeLAN Parameters Enter VPI Enter VCI Encap WAN1 ParametersEnter IP 192.168.1.1 Enter Subnet Mask Enter Gateway 192.168.1.1 Enter Host NameHost Name Enter Soho CPE SideVCI32 EncapLLC IP Address 192.168.20.1 Subnet Mask 255.255.255.0 Host Name LAN to LAN Connection with Routing ModeDhcp Service Click Route and CO Side then press NextWAN Parameters Click Next to setup the IP parametersIP Address 192.168.10.1 Subnet Mask 255.255.255.0 Host Name Click Route and CPE Side then press Next192.168.30.2 Baudrate 9600 Data Bits Parity Check Stop Bits Flow-control Useradmin PasswordSerial Console TelnetOperation Interface Window structure To choose another parameters Menu Driven Interface CommandsCtrl + C To quit the conﬁguring item Ctrl + Q For help Menu Tree 14.7 Conﬁguration Exit Quit system Ping Packet internet groper command AdminDone via utility command UtilityStatus Script ShowSystem ConﬁgPing RebootAdministration WriteUser Proﬁle Edit Community Entry List Show SnmpSupervisor Password and ID Move the cursor to timeserver1 and press enter Move the cursor to service and press enterSntp Move the cursor to sntp and press enterMove the cursor to list and review the setting Mode SetupUtility ExitShdsl 14.16.3 WAN After enter add menu, the screen will prompt as follow BridgeMove the cursor to vlan and press enter VlanFollow the following steps to conﬁgure 802.11q Vlan 14.16.6 802.11Q VlanFor each VLAN, Vlan ID is a unique number among 1~4095 Screen will display the following Generic command can setup RIP mode and auto summery modeYou can review the list of RIP parameters via list command RouteIP share 14.16.8 LANYou can conﬁgure NAT parameters in nat menu 14.16.10 NATMapping After key in enter, the screen will prompt as below 14.16.11 PATFirewall You can enable the demilitarized zone via active commandﬁrewall security level can conﬁgure via level command 14.16.12 DMZActive DoS Protection IPQoS Dhcp You can view the Dhcp conﬁguration via list commandDNS proxy DefaultHost name 100Mbps Appendix a Cable InformationRJ-45 Network Ports 10MbpsStraight-Through Cabling Straight and crossover cable conﬁgurationCross-Over Cabling TxD Shdsl Line Connector Console CableNo connection RxD OContact Information Appendix B Registration and Warranty InformationProduct Warranty