Manuals / Brands / Computer Equipment / Network Router / Planet Technology / Computer Equipment / Network Router

Planet Technology ERT-805 Chapter 5 Security, 5.1 Access-list, Standard, Extended, [in | out], access-list, access-list, Access-list, access-lists, access-group, [permit | deny]

1 104

Download 104 pages, 2.08 Mb

Chapter 5 Security

5.1 Access-list

The purpose for access-list is packet filtering to control, which packets move through the network. Such control can help limit network traffic and restrict network use by certain user or device.

Access-list is use as a packet filter, this function helps to limit network traffic and restrict network.

There are two general types of access lists:

ØStandard access-lists– The standard access-list is check the source address of packets. Access-list number is start from 1-99

ØExtended access-list– The extended access-list is check for both source and destination packet address and also check for specific protocols, port numbers and other parameters. Access-list number is start from 100-199

access-listaccess-list number [permit deny] – set the standard access-list’s rule.

ip access-group [in out] – applies an existing access-list as an incoming or outgoing to an interface.

Access-listaccess-list number [permit deny] protocol source-address source-wildcard destination-address destination-wildcard [operator port] – set the extended access-list rule.

Standard access-list configuration example

ERT-805# show run

Building configuration ...

service password-encryption service timestamps debug

!

hostname ERT-805

!

enable password 7 5EVbxkwzBvfT

!

username router password 7 qBjbURagjK0L

!

interface fastethernet 0/0

ip address 192.168.98.63 255.255.255.0

!

interface serial 0/0 encapsulation ppp

41

Contents

Page Trademarks Disclaimer FCC Warning CE Mark Warning Revision TABLE OF CONTENTS Page Chapter 1 Introduction 1.1 Checklist 1.2 About ERT-805 1.3 Product Feature 1.4 Product Specification Page Chapter 2 HARDWARE INSTALLATION 2.1 Package Contents 2.2 ERT-805outlook Rear Panel Warning 2.3 Installation requirements & Physical Installation 2.3.1 Device placement 2.3.2 Connect to a Ethernet device 2.3.3 Connect to a Serial Device 2.3.4 Power on the device Chapter 3 Command Line Interface 3.1 Help command 3.2 Redisplay Previous command 3.3 Verify Current Configuration 3.4 Ctrl-Z, Ctrl-Cand exit 3.5 Login from Console port 3.6 Virtual Terminal Access ERT805# config t ERT805(config)# enable password ERT805(config)#line vty 0 ERT805 ERT805(config-line)#password cisco 3.7 Password Encryption Page Chapter 4 Router Communication Protocol 4.1 RIP- Router Information Protocol 4.1.1 Routing loops 4.1.1.5 RIP Command Page 4.2 EIGRP – Enhanced interior Gateway Routing Protocol 4.2.1 EIRGP Command Page 4.3 OSPF- Open Shortest Path First 4.3.1 OSPF Command Page 4.4 PPP PPP authentication using PAP PPP authentication using CHAP CHAP example Page Page Page 4.5 HDLC Protocol Page 4.6 SNA 4.6.1 Introduction Page Page 4.7 X.25 Protocol encapsulation x25 [dce | dte] x25 address x25 map [Qllc] check-called-address check-calling-address x25 t21 x25 t22 x25 t23 x25 r20 x25 r22 – Access packet switching network s1:14.1.1.2/24 x121:14112 Router2 Router3 4.8 Frame Relay Protocol Page Page Page Chapter 5 Security 5.1 Access-list Page Page 5.2 NAT – Network Address Translation Page Page 5.3 VPN - IPSec Page crypto isakmp key address crypto isakmp policy -hash -encryption Page Page router# debug crypto isakmp router# 22:34.011 Crypto ISAKMP debugging is on router# term router# terminal m router# terminal monitor router# 23:03.993 IPSEC: SEND KEEYALIVE ON PEER 23:03.994 recv DPD req 23:03.994 creat a DPD struct Page Page Page Page Page Page Page Page Page Page 5.4 Firewall- Context-BasedAccess Control (CBAC) Page show ip inspect interface show ip inspect session debug ip inspect events debug ip inspect object-creation Page Page 5.5 Radius Security (AAA) Page Page Page Page Debug radius Chapter 6 QOS 6.1 CAR – Committed Access Rate Page Page 6.2 Policy-basedRouting 6.3 Class-mapand policy-map Page Page Page 6.4 Queue 6.4.1 FIFO- First IN First Out 6.4.2 WFQ – Weighted Fair Queuing 6.4.3 Priority Queuing Page Page 6.4.4 Custom Queuing queue number default queue limit byte-count Page Page Page Appendix A Upgrade firmware Input File Name Appendix B Router Dialing Page Appendix C Cables / Pin-assignmentfor ERT-805 C.1 V.35 DTE – CB-ERTV35-MT C.2 V.35 DCE – CB-ERTV35-FC C.3 V.24 DTE – CB-ERT232-MT C.4 V.24 DCE – CB-ERT232-FC C.5 X.21 DTE – CB-ERTX21-MT C.6 X.21 DCE – CB-ERTX21-FC C.7 RJ-45Console Cable C.8 DB9 to RJ45