Ethernet Type Filtering | Paradyne 6342, 6341, 6301, 6371, 6351, 6302

3. Configuring the DSL Router

Ethernet Type Filtering

Ethernet Type filtering (Ethertype) does not apply when the DSL router is in router-only mode. By default, Ethertype filtering is disabled on the Hotwire DSL card for the DSL router. If enabled, separate Ethertype filters are applied to the Ethernet and/or DSL interface with one filter per interface direction. There is a maximum of 16 rules per list. Each rule access list allows filtering of a single Ethertype or a range of Ethertypes.

MAC frames can be filtered based on the:

SNAP Ethernet field in the 802.3 header.

Protocol type field in the DIX Ethernet header.

For Ethertype filters, the rules are applied in the order in which they were configured. For additional information about Ethertype filters, refer to the Hotwire MVL, ReachDSL, RADSL, IDSL, and SDSL Cards, Models 8310, 8312/8314, 8510/8373/8374, 8303/8304, and 8343/8344, User’s Guide.

Land Bug/Smurf Attack Prevention

Land Bug and Smurf Attack prevention are enhanced firewall features provided by the router.

Land Bug – The router drops all packets received on its DSL or Ethernet interface when the source IP address is the same as the destination IP address. This prevents the device from being kept busy by constantly responding to itself.

Smurf Attack – The router does not forward directed broadcasts on its DSL and Ethernet interfaces, or send an ICMP echo reply to the broadcast address. This ensures that a legitimate user will be able to use the network connection even if ICMP echo/reply (smurf) packets are sent to the broadcast address.

3-12

November 2003

6300-A2-GB20-10

Image 38

Paradyne 6342, 6341, 6301, 6371, 6351, 6302 manual Ethernet Type Filtering, Land Bug/Smurf Attack Prevention

Contents

Hotwire DSL Routers Copyright 2003 Paradyne Corporation All rights reserved Contents DSL Router Configuration Examples Monitoring the DSL Router Diagnostics and Troubleshooting Command Line Interface DSL Router Terminal Emulation Configuration Defaults and Command Line ShortcutsTraps and MIBs Firmware Upgrade Index Contents November About This Guide Document Purpose and Intended Audience New Features for this Release Document Summary Section Description Product-Related Documents Document Number Document Title Document Conventions Convention Translation Xii DSL Technologies Supported Introduction to Hotwire DSL RoutersWhat is a Hotwire DSL Router? Optional Typical DSL Router SystemCentral Office CO Customer Premises CP Hotwire DSL Router Features IP routing with Service Subscriber Management from an NMS using Snmp Levels of Access Accessing the DSL RouterAccess Control to the DSL Router Console disable save Exit Local Console AccessChanging Access Session Levels Admin enable Setting Up the New User’s Login Invalid Characters Value Ascii Hex Translation Local console disabled by conflict message Telnet AccessPassword admin new password save Telnet enable save Telnet login enable save Determining the Current Access LevelDetermining the Available Commands Help Changing the System Identity Using the List CommandList config List Manually Logging Out If accessing the DSL router ThenExiting from the System Exit When autologout is Automatically Logging Out DSL Router’s Interfaces Configuring the DSL RouterDSL Router Configuration Overview Service Domain IP Address Assignments Interface Identifiers Simplified Network Topology Numbered DSL or Ethernet InterfaceUnnumbered DSL Interface IP Routing IP Options Processing Address Resolution Protocol ARP Network Considerations Proxy ARP Network Address Port Translation NAPT/PAT Network Address Translation NATBasic NAT Simultaneous Basic NAT and Napt Applications Supported by NAT Dynamic Host Configuration Protocol Dhcp Server Dhcp Relay Agent Security IP Protocol Type Filtering Ethernet Type Filtering Land Bug/Smurf Attack Prevention If Using This Network Model Then These DSL Cards Can Be Used Routed vs. Bridged PDUs Routed Network Model Standard mode PPPoE Client Support When the negotiated IP Address is assigned to Then Configuring the DSL Router DSL Router Configuration Examples Configuration Examples Basic Bridging Configuration Example IP, IPX Basic Routing Configuration Example Basic NAT Configuration Example NAT Mapping Public IP Addresses Private IP Addresses Commands and syntax for this example are Napt Configuration Example Napt Mapping Public IP Addresses Private IP Addresses DSL Router Configuration Examples Simultaneous Basic NAT and Napt Configuration Example DSL Router Configuration Examples Core Router 155.1.3.1 Console Port Connection Dhcp Relay with Proxy ARP Configuration Example Dhcp Server with Basic NAT Configuration Example PPPoE Client with Napt and Dhcp Server Configuration Example Downstream Router Configuration Example IP Passthrough Configuration Example Customer Premises CP DSL Router Configuration Examples November Monitoring the DSL Router Monitoring the Router Condition Status LED StatusFront Panel LEDs Clearing Statistics Interface StatusPerformance Statistics Reasons for Discarded Data Reasons for Ethernet Interface eth1 Discarded Frames Reasons for DSL Interface dsl1 Discarded Frames Reasons for IP Processing Discarded Packets Reasons for Bridge Discarded Frames Reasons for PPPoE Discarded Frames Reasons for PPP Discarded Frames Alarms Inquiry Diagnostics and TroubleshootingDiagnostics and Troubleshooting Overview Device Restart System Log Syslog Commands 1Syslog enable disable Show syslog Syslog port port-number Syslog Commands 2Syslog ip ip-addr mgt srvc Syslog level level Syslog Events Syslog Messages Level Description Event Syslog Message Display Ping CommandPing Ping dest-ipmgt -x source-ip-l bytes -w time -ieth1 dsl1 Ping reply from x.x.x.x Request Timed OUT Ping Test ResultsPing reply from x.x.x.x bytes of data=nn Ping reply from x.x.x.x Destination Unreachable Example traceroute 135.300.41.8 -w 60 -i eth1 TraceRoute CommandTraceRoute Over a max. of nn Hops, with nnn Byte packet TraceRoute Test ResultsTracing route to X.x Command Line Interface Command Line Interface Capability Syntax Conventions Command RecallNavigating the Router’s CLI CLI Commands Configure terminal factory Configuration CommandsTable A-1. Configuration Commands Save Table A-2. RFP 1483 Encapsulation Command RFC 1483 Encapsulation CommandEthernet Frame Format Command Table A-3. Ethernet Frame Format Command Examples ifn address dsl1 135.300.41.8 Ifn dsl1 primary Interface and Service Domain IP Address CommandsTable A-4. Interface and Service Domain IP Address Commands IP Routing Commands Table A-5. IP Routing Commands 1 Table A-6. Bridge Commands 1 Bridge CommandsTable A-5. IP Routing Commands 2 Bridge enable disable Table A-7. ARP Commands 1 ARP CommandsTable A-6. Bridge Commands 2 Table A-8. Proxy ARP Command Proxy ARP CommandTable A-7. ARP Commands 2 Proxy arp eth1 dsl1 enable disable NAT Commands Table A-9. NAT Commands 1 Nat napt purge Table A-9. NAT Commands 2Nat timeout time Nat napt map udp tcp server-ip port Nat napt delete udp tcp port Table A-9. NAT Commands 3Nat basic delete private-ip Table A-10. Dhcp Server Commands 1 Dhcp Server CommandsTable A-9. NAT Commands 4 Dhcp server name domain name Table A-10. Dhcp Server Commands 2Dhcp server router ip-address Dhcp server nameserver ip-addressip-address2 Dhcp relay enable disable Dhcp Relay Agent CommandsTable A-11. Dhcp Relay Agent Commands Dhcp relay address ip-address IP multicast enable disable IP Packet Processing CommandsTable A-12. IP Packet Processing Commands IP routing enable disable Pppoe enable disable PPPoE Client CommandsTable A-13. PPPoE Client Commands 1 Ppp ip eth1 dsl1 passthrough mask no-dns From previous Table A-13. PPPoE Client Commands 2Ppp authentication chap pap both none Table A-13. PPPoE Client Commands 3 Ppp username username Telnet Commands Table A-14. Telnet Commands 1 Telnet keep-alive enable disable Table A-14. Telnet Commands 2Telnet timeout time Telnet keep-alive timeout time Table A-15. Traps Command Traps CommandClearing Statistics Command Table A-16. Clearing Statistics Command Show alarms Show CommandsTable A-17. Show Commands 1 Show arp timeout Displays either console enabled or console disabled Table A-17. Show Commands 2Show config Show bridge Show dhcp server Table A-17. Show Commands 3Show dhcp relay Show ip route ip-address Table A-17. Show Commands 4Show interface eth1 dsl1 Show nat napt Table A-17. Show Commands 5Show nat basic Show spanning-tree Table A-17. Show Commands 6Show pppoe Show statistics eth1 Table A-17. Show Commands 7Show statistics eth1 dsl1 ip bridge pppoe tftp Show statistics ip Table A-17. Show Commands 8Show statistics dsl1 Show statistics bridge Show statistics tftp Table A-17. Show Commands 9Show statistics pppoe Show telnet Table A-17. Show Commands 10Show system Show traps Command Line Interface November Configuration Defaults Command Line Shortcuts Configuration Default Settings A-17 Arp create ip-addr mac-addr Command Line ShortcutsTable B-2. Command Line Shortcuts 1 Arp delete ip-addr Table B-2. Command Line Shortcuts 2 Table B-2. Command Line Shortcuts 3 Show syslog Show system Show telnet Table B-2. Command Line Shortcuts 4Show nat basic napt Show pppoe Syslog ip ip-addrmgt srvc Traps Overview Traps and MIBsSnmp Overview DSL Router Traps Variable Binding MIB II RFC MIBs OverviewStandard MIBs System Group System IfEntry Interfaces Group RFCInterfaces IfType Identifies the interface type based Supported values Mbps Extension to Interfaces Table RFCIfXEntry True1 Table C-5. IP Group Objects Description Setting/Contents IP Group RFC IpCidrRouteEntry IP Cidr Route Group RFCIpForward Transmission Group Snmp Group Paradyne Enterprise MIBs Ethernet-Like MIB RFC Active1 Device Control MIBNoOp1 Inactive2 TraceRoute Device Diagnostics MIBPing Test InProgress2 Active test SystemError TimeoutIcmpError ApplpingTestEntry ApplTracerouteResultsEntry ConfigureTraceroute AppTracerouteResultsEntry DevStatus Health and Status MIBDevStatus1 Configuration MIB Factory1-to-active8 Primary Interface Configuration MIBPdnInetIpAddressTableEntry Secondary Dhcp MIB DSL Endpoint MIB Accessing the List Command Output DSL Router Terminal Emulation Terminal Emulation Programs Overview Firmware UpgradeFirmware Upgrade Commands Apply download Download ifn address eth1 155.1.3.254 Paradyne server Firmware Upgrade ProceduresDownload dsl1ifn eth1ifn server-ip filename Downloading will affect user data performance Are you sure? No new firmware to apply At the CUSTOMER-CONFIG# prompt, type apply downloadSystem is being reset Firmware Upgrade November Symbols Index IN-2 IN-3 IN-4 IN-5 IN-6