Manuals / Paradyne / Computer Equipment / Network Router

Paradyne 6342, 6341, 6301, 6371, 6351, 6302 Ethernet Type Filtering, Land Bug/Smurf Attack Prevention

Models: 6302 6371 6301 6341 6351 6342

1 146

Download 146 pages 32.67 Kb

Page 38

3. Configuring the DSL Router

Ethernet Type Filtering

Ethernet Type filtering (Ethertype) does not apply when the DSL router is in router-only mode. By default, Ethertype filtering is disabled on the Hotwire DSL card for the DSL router. If enabled, separate Ethertype filters are applied to the Ethernet and/or DSL interface with one filter per interface direction. There is a maximum of 16 rules per list. Each rule access list allows filtering of a single Ethertype or a range of Ethertypes.

MAC frames can be filtered based on the:

SNAP Ethernet field in the 802.3 header.

Protocol type field in the DIX Ethernet header.

For Ethertype filters, the rules are applied in the order in which they were configured. For additional information about Ethertype filters, refer to the Hotwire MVL, ReachDSL, RADSL, IDSL, and SDSL Cards, Models 8310, 8312/8314, 8510/8373/8374, 8303/8304, and 8343/8344, User’s Guide.

Land Bug/Smurf Attack Prevention

Land Bug and Smurf Attack prevention are enhanced firewall features provided by the router.

Land Bug – The router drops all packets received on its DSL or Ethernet interface when the source IP address is the same as the destination IP address. This prevents the device from being kept busy by constantly responding to itself.

Smurf Attack – The router does not forward directed broadcasts on its DSL and Ethernet interfaces, or send an ICMP echo reply to the broadcast address. This ensures that a legitimate user will be able to use the network connection even if ICMP echo/reply (smurf) packets are sent to the broadcast address.

3-12

November 2003

6300-A2-GB20-10

Image 38

Paradyne 6342, 6341, 6301, 6371, 6351, 6302 manual Ethernet Type Filtering, Land Bug/Smurf Attack Prevention

Contents

Hotwire DSL Routers Copyright 2003 Paradyne Corporation All rights reserved Contents DSL Router Configuration Examples Monitoring the DSL RouterDiagnostics and Troubleshooting Command Line InterfaceDSL Router Terminal Emulation Configuration Defaults and Command Line ShortcutsTraps and MIBs Firmware Upgrade IndexContents November About This Guide Document Purpose and Intended AudienceNew Features for this Release Document Summary Section DescriptionProduct-Related Documents Document Number Document TitleDocument Conventions Convention TranslationXii DSL Technologies Supported Introduction to Hotwire DSL RoutersWhat is a Hotwire DSL Router? Optional Typical DSL Router SystemCentral Office CO Customer Premises CP Hotwire DSL Router Features IP routing withService Subscriber Management from an NMS using SnmpLevels of Access Accessing the DSL RouterAccess Control to the DSL Router Console disable save Exit Local Console AccessChanging Access Session Levels Admin enableSetting Up the New User’s Login Invalid Characters Value Ascii Hex TranslationLocal console disabled by conflict message Telnet AccessPassword admin new password save Telnet enable saveTelnet login enable save Determining the Current Access LevelDetermining the Available Commands HelpChanging the System Identity Using the List CommandList config ListManually Logging Out If accessing the DSL router ThenExiting from the System ExitWhen autologout is Automatically Logging OutDSL Router’s Interfaces Configuring the DSL RouterDSL Router Configuration Overview Service Domain IP Address Assignments Interface IdentifiersSimplified Network Topology Numbered DSL or Ethernet InterfaceUnnumbered DSL Interface IP Routing IP Options ProcessingAddress Resolution Protocol ARP Network ConsiderationsProxy ARP Network Address Port Translation NAPT/PAT Network Address Translation NATBasic NAT Simultaneous Basic NAT and Napt Applications Supported by NATDynamic Host Configuration Protocol Dhcp Server Dhcp Relay Agent Security IP Protocol Type FilteringEthernet Type Filtering Land Bug/Smurf Attack PreventionIf Using This Network Model Then These DSL Cards Can Be Used Routed vs. Bridged PDUsRouted Network Model Standard mode PPPoE Client SupportWhen the negotiated IP Address is assigned to Then Configuring the DSL Router DSL Router Configuration Examples Configuration ExamplesBasic Bridging Configuration Example IP, IPXBasic Routing Configuration Example Basic NAT Configuration Example NAT Mapping Public IP Addresses Private IP AddressesCommands and syntax for this example are Napt Configuration Example Napt Mapping Public IP Addresses Private IP AddressesDSL Router Configuration Examples Simultaneous Basic NAT and Napt Configuration Example DSL Router Configuration Examples Core Router 155.1.3.1 Console Port Connection Dhcp Relay with Proxy ARP Configuration Example Dhcp Server with Basic NAT Configuration Example PPPoE Client with Napt and Dhcp Server Configuration Example Downstream Router Configuration Example IP Passthrough Configuration Example Customer Premises CPDSL Router Configuration Examples November Monitoring the DSL Router Monitoring the RouterCondition Status LED StatusFront Panel LEDs Clearing Statistics Interface StatusPerformance Statistics Reasons for Discarded Data Reasons for Ethernet Interface eth1 Discarded FramesReasons for DSL Interface dsl1 Discarded Frames Reasons for IP Processing Discarded Packets Reasons for Bridge Discarded Frames Reasons for PPPoE Discarded FramesReasons for PPP Discarded Frames Alarms Inquiry Diagnostics and TroubleshootingDiagnostics and Troubleshooting Overview Device RestartSystem Log Syslog Commands 1Syslog enable disable Show syslogSyslog port port-number Syslog Commands 2Syslog ip ip-addr mgt srvc Syslog level levelSyslog Events Syslog Messages Level Description EventSyslog Message Display Ping CommandPing Ping dest-ipmgt -x source-ip-l bytes -w time -ieth1 dsl1Ping reply from x.x.x.x Request Timed OUT Ping Test ResultsPing reply from x.x.x.x bytes of data=nn Ping reply from x.x.x.x Destination UnreachableExample traceroute 135.300.41.8 -w 60 -i eth1 TraceRoute CommandTraceRoute Over a max. of nn Hops, with nnn Byte packet TraceRoute Test ResultsTracing route to X.xCommand Line Interface Command Line Interface CapabilitySyntax Conventions Command RecallNavigating the Router’s CLI CLI Commands Configure terminal factory Configuration CommandsTable A-1. Configuration Commands SaveTable A-2. RFP 1483 Encapsulation Command RFC 1483 Encapsulation CommandEthernet Frame Format Command Table A-3. Ethernet Frame Format CommandExamples ifn address dsl1 135.300.41.8 Ifn dsl1 primary Interface and Service Domain IP Address CommandsTable A-4. Interface and Service Domain IP Address Commands IP Routing Commands Table A-5. IP Routing Commands 1Table A-6. Bridge Commands 1 Bridge CommandsTable A-5. IP Routing Commands 2 Bridge enable disableTable A-7. ARP Commands 1 ARP CommandsTable A-6. Bridge Commands 2 Table A-8. Proxy ARP Command Proxy ARP CommandTable A-7. ARP Commands 2 Proxy arp eth1 dsl1 enable disableNAT Commands Table A-9. NAT Commands 1Nat napt purge Table A-9. NAT Commands 2Nat timeout time Nat napt map udp tcp server-ip portNat napt delete udp tcp port Table A-9. NAT Commands 3Nat basic delete private-ip Table A-10. Dhcp Server Commands 1 Dhcp Server CommandsTable A-9. NAT Commands 4 Dhcp server name domain name Table A-10. Dhcp Server Commands 2Dhcp server router ip-address Dhcp server nameserver ip-addressip-address2Dhcp relay enable disable Dhcp Relay Agent CommandsTable A-11. Dhcp Relay Agent Commands Dhcp relay address ip-addressIP multicast enable disable IP Packet Processing CommandsTable A-12. IP Packet Processing Commands IP routing enable disablePppoe enable disable PPPoE Client CommandsTable A-13. PPPoE Client Commands 1 Ppp ip eth1 dsl1 passthrough mask no-dnsFrom previous Table A-13. PPPoE Client Commands 2Ppp authentication chap pap both none Table A-13. PPPoE Client Commands 3 Ppp username usernameTelnet Commands Table A-14. Telnet Commands 1Telnet keep-alive enable disable Table A-14. Telnet Commands 2Telnet timeout time Telnet keep-alive timeout timeTable A-15. Traps Command Traps CommandClearing Statistics Command Table A-16. Clearing Statistics CommandShow alarms Show CommandsTable A-17. Show Commands 1 Show arp timeoutDisplays either console enabled or console disabled Table A-17. Show Commands 2Show config Show bridgeShow dhcp server Table A-17. Show Commands 3Show dhcp relay Show ip route ip-address Table A-17. Show Commands 4Show interface eth1 dsl1 Show nat napt Table A-17. Show Commands 5Show nat basic Show spanning-tree Table A-17. Show Commands 6Show pppoe Show statistics eth1 Table A-17. Show Commands 7Show statistics eth1 dsl1 ip bridge pppoe tftp Show statistics ip Table A-17. Show Commands 8Show statistics dsl1 Show statistics bridgeShow statistics tftp Table A-17. Show Commands 9Show statistics pppoe Show telnet Table A-17. Show Commands 10Show system Show trapsCommand Line Interface November Configuration Defaults Command Line Shortcuts Configuration Default SettingsA-17 Arp create ip-addr mac-addr Command Line ShortcutsTable B-2. Command Line Shortcuts 1 Arp delete ip-addrTable B-2. Command Line Shortcuts 2 Table B-2. Command Line Shortcuts 3 Show syslog Show system Show telnet Table B-2. Command Line Shortcuts 4Show nat basic napt Show pppoe Syslog ip ip-addrmgt srvcTraps Overview Traps and MIBsSnmp Overview DSL Router Traps Variable BindingMIB II RFC MIBs OverviewStandard MIBs System Group SystemIfEntry Interfaces Group RFCInterfaces IfType Identifies the interface type based Supported values Mbps Extension to Interfaces Table RFCIfXEntry True1Table C-5. IP Group Objects Description Setting/Contents IP Group RFCIpCidrRouteEntry IP Cidr Route Group RFCIpForward Transmission Group Snmp GroupParadyne Enterprise MIBs Ethernet-Like MIB RFCActive1 Device Control MIBNoOp1 Inactive2TraceRoute Device Diagnostics MIBPing Test InProgress2 Active testSystemError TimeoutIcmpError ApplpingTestEntryApplTracerouteResultsEntry ConfigureTraceroute AppTracerouteResultsEntryDevStatus Health and Status MIBDevStatus1 Configuration MIB Factory1-to-active8Primary Interface Configuration MIBPdnInetIpAddressTableEntry SecondaryDhcp MIB DSL Endpoint MIB Accessing the List Command Output DSL Router Terminal EmulationTerminal Emulation Programs Overview Firmware UpgradeFirmware Upgrade Commands Apply downloadDownload ifn address eth1 155.1.3.254 Paradyne server Firmware Upgrade ProceduresDownload dsl1ifn eth1ifn server-ip filename Downloading will affect user data performance Are you sure?No new firmware to apply At the CUSTOMER-CONFIG# prompt, type apply downloadSystem is being reset Firmware Upgrade November Symbols IndexIN-2 IN-3 IN-4 IN-5 IN-6