BinTec Dm752-I Скачать руководство пользователя страница 23 | Manualshive

Страница: 23 / 67

background image

Extended Access List #>entry <id> label <value>

Example:

Extended Access List 100>entry 3 label 12
Extended Access List 100>

2.5.2.10 ENTRY <id> PRECEDENCE

Establishes the Access Control sentence based on the value of the precedence field for the IP packet Type of Ser-
vice byte. This can take values between 0 and 7.

Syntax:

Extended Access List #>entry <id> precedence <value>

Example:

Extended Access List 100>entry 3 precedence 3
Extended Access List 100>

2.5.2.11 ENTRY <id> TCP-SPECIFIC ESTABLISHED

Sets the Access Control sentence for the TCP packets based on whether the TCP session had been previously es-
tablished or not. To find out if a TCP session is already established, check that the ACK or the RST bit in the TCP
packet header is present. If one of the two is there, then the session is considered established.

Syntax:

Extended Access List #>entry <id> tcp-specific established-state

Example:

The following configuration shows an access list where all the TCP sessions established in entry 1 match.

entry 1 default
entry 1 permit
entry 1 protocol tcp
entry 1 tcp-specific established-state

2.5.2.12 ENTRY <id> TOS-OCTET

Establishes the Access Control sentence based on the value of the IP packet Type of Service byte. This can take
values between 0 and 255. You can also specify a bits mask that determines the Type of Service byte bits you wish
to mark. The mask value can be between 1 and 255.

Syntax:

Extended Access List #>entry <id> tos-octet <value> [mask <mask>]

Example:

Extended Access List 100>entry 3 tos-octet 240 mask 254
Extended Access List 100>

2.5.2.13 ENTRY <id> CONNECTION

Associates the connection identifier between interfaces to an entry in the Access Control List. This connection identi-
fies the logical interface through which the packet is routed (configured in the IP rules). On establishing this relation,
you can also associate the traffic (not just through the packet source or destination address etc., but also through the
specific interface connection).

Leaving the connection unspecified (or setting a zero connection) means that the connection will not consider this
parameter when executing Access Control.

A question mark will appear next to the connection (e.g. Conn:?) if this does not exist when you list the entry.

Syntax:

Extended Access List #>entry <id> connection <value>

Example:

Supposing we have the following rule defined in IP:

bintec elmeg

2 Configuration

Access Control

19

«
...
21
22
23
24
25
...
»

Содержание Dm752-I

Страница 1: ...Access Control bintec Dm752 I Copyright Version 11 06 bintec elmeg bintec elmeg Manual Access Control 1...

Страница 2: ...bintec offers no warranty whatsoever for information contained in this manual bintec is not liable for any direct indirect collateral consequential or any other damage connected to the delivery supply...

Страница 3: ...4 4 MOVE ENTRY 11 2 4 5 DESCRIPTION 11 2 4 6 NO 12 2 4 7 EXIT 12 2 5 Extended Access Lists 12 2 5 1 HELP 13 2 5 2 ENTRY 13 2 5 3 LIST 20 2 5 4 MOVE ENTRY 21 2 5 5 DESCRIPTION 21 2 5 6 NO 21 2 5 7 EXI...

Страница 4: ...R CACHE 43 3 1 4 SET CACHE SIZE 43 3 1 5 SHOW HANDLES 43 3 1 6 HIDE HANDLES 43 Chapter 4 Appendix 44 4 1 Reserved Ports 44 4 2 Reserved Protocols 44 4 3 Protocol Values in Stateful Lists 47 Table of C...

Страница 5: ...intec Dm745 I Policy Routing bintec Dm764 I Route Mapping bintec Dm780 I Prefix Lists bintec Dm786 I AFS bintec Dm788 I New NAT Protocol bintec Dm795 I Policy Map Class Map bintec elmeg Related Docume...

Страница 6: ...at both input to avoid router overload and output Access Control Lists themselves cannot limit the packet flow in the router To do this they must be associated to pro tocols that allow traffic filters...

Страница 7: ...of entries which define the properties that a packet must have in order to belong to this entry and consequently to this list This Access Control List is then assigned to a protocol Note Access Contr...

Страница 8: ...ess Controls functionality configuration menu Here you can create eliminate and view the access lists Each Access Control List is made up of entries where you can indicate criteria and the parameters...

Страница 9: ...on an Access Control List DIFFERS from that used in a Prefix List please see manual bintec Dm780 I Prefix Lists In the latter case this order is given by the value of the identifier The following com...

Страница 10: ...tandard Access List 1 assigned to no protocol 1 PERMIT SRC 192 60 1 24 32 2 PERMIT SRC 0 0 0 0 0 Extended Access List 100 assigned to no protocol 1 PERMIT SRC 172 34 53 23 32 DES 0 0 0 0 0 Conn 0 PROT...

Страница 11: ...identifier is within the 1 99 value range i e a Standard List The new submenu prompt together with its identifier shows it is a Standard List Example Access Lists config access list 1 Standard Access...

Страница 12: ...f entry or access control as permit deny Configures type of entry or access control as deny source Source menu subnet or port description Sets a description for the current entry 2 4 2 1 ENTRY id DEFA...

Страница 13: ...e concepts Address Wildcard mask Matching entry 172 24 0 127 255 255 0 255 Matches source addresses 172 24 x 127 regardless of the value of x E g 172 24 12 127 0 0 0 67 0 0 0 255 Matches source addres...

Страница 14: ...ample Standard Access List 1 entry 1 description first entry Standard Access List 1 2 4 3 LIST Displays the information on the Access Control List configuration that is being edited i e information re...

Страница 15: ...nt of which you wish to place the entry When you wish to place an entry at the end of the list lowest priority you need to specify the end option Syntax Standard Access List move entry entry_to_move e...

Страница 16: ...tandard Access Control list configuration environment and returns to the main Access Control menu prompt Syntax Standard Access List exit Example Standard Access List 1 exit Access Lists config 2 5 Ex...

Страница 17: ...t already exists means that the value of the parameter introduced will be modified Syntax Extended Access List entry id parameter value The configuration options for an Extended entry are as follows E...

Страница 18: ...range 2 5 2 4 1 ENTRY id SOURCE ADDRESS Establishes the source IP address sentence A mask is used to indicate the selected range of addresses This ad dress may not be numbered meaning you can enter an...

Страница 19: ...entry 3 source address interface serial0 0 Extended Access List 100 Caution An interface should only be configured as source in those access lists that are going to be associated to IPSec Since this...

Страница 20: ...ecked with the entry To do this the active bits in the wildcard mask indicate the exact position of the address bit that must be checked by the entry Please check the double examples in the following...

Страница 21: ...or UDP destination ports If the packet corresponds to the ICMP protocol and the entry is configured to carry out filtering over this protocol using command entry id protocol icmp this command establis...

Страница 22: ...f you do not want to set a range simply enter two equal values Both protocol identifiers can take values between 0 and 255 The purpose of this command is to grant or deny access to various protocols S...

Страница 23: ...2 ENTRY id TOS OCTET Establishes the Access Control sentence based on the value of the IP packet Type of Service byte This can take values between 0 and 255 You can also specify a bits mask that deter...

Страница 24: ...is access list address filter entries Display the entries that match an ip address entry Display one entry of this access list 2 5 3 1 LIST ALL ENTRIES Displays all the Access Control List configurati...

Страница 25: ...RT 1024 65535 2 PERMIT SRC 192 233 33 11 32 DES 0 0 0 0 0 Conn 0 PROT 33 102 3 DENY SRC 0 0 0 0 0 DES 0 0 0 0 0 Conn 0 Extended Access List 100 move entry 1 end Extended Access List 100 list all entri...

Страница 26: ...identifier is within the 5000 9999 value range i e a Stateful List The new submenu prompt together with its identifier shows it is a Stateful Access List Example Access Lists config access list 5001...

Страница 27: ...reates and modifies an entry or element in an Access Control List This command must always be entered followed by the register number identifier and a sentence A new entry is created whenever this com...

Страница 28: ...IP protocol matching options protocol range Specify a protocol range peer2peer Match peer to peer traffic rate limit Match an specific rate limit in kbps conn limit Match an specific connection limit...

Страница 29: ...p referer ebay com Command history Version Modification 11 1 1 This command was introduced as of version 11 1 2 2 6 3 4 ENTRY id APP DETECT HTTP URL Matches the HTTP URL session drawn by AFS app detec...

Страница 30: ...st be configured for the command to be operative If no SSL session is detected when said app detect is configured there is no match Syntax Stateful Access List entry id app detect ssl Example Stateful...

Страница 31: ...pecify the mask this is assumed to be the host mask This also allows you to select the destination address through range Syntax Stateful Access List entry id destination address ip mask mask Stateful...

Страница 32: ...l parameter associated to each packet It is made up of a number that can be used to select classify and filter IP traffic By default all IP packets have an associated label value equal to 0 This value...

Страница 33: ...teful Access List 5000 Some of the selected protocols allow for sub options such as peer2peer Stateful Access List 5000 entry 1 protocol peer2peer all All peer to peer traffic apple AppleJuice traffic...

Страница 34: ...surpassed the packet is considered as matching this criterion Syntax Stateful Access List entry id rate limit limit burst Example Stateful Access List 5000 entry 1 rate limit 100 Stateful Access List...

Страница 35: ...2000 Stateful Access List 5000 2 6 3 30 ENTRY id SOURCE UDP PORT Specifies a port or a range of UDP source ports The packet must be UDP to match this criterion Syntax Stateful Access List entry id sou...

Страница 36: ...tate The possible states for a session are as follows invalid The session is in an invalid state ready to be deleted new The session is new this is the first packet for this session established The se...

Страница 37: ...addresses themselves must be specified in a configuration file detailed below The device downloads the indic ated configuration file through the tftp protocol Use this command to specify the tftp ser...

Страница 38: ...00 seconds If you don t specify any value the default updating interval is 1 day 2 Subsequently you can enter the http error page that you want to be displayed in cases where there has been an attempt...

Страница 39: ...50000 2 7 Show Config Show Config is a configuration console tool PROCESS 4 that allows you to list the commands required to config ure a router from an empty configuration no conf The command can be...

Страница 40: ...ntry 1 source address 172 24 51 57 255 255 255 255 Extended Access List 101 entry 1 destination address 172 60 1 163 255 255 255 255 Extended Access List 101 The configured access list will have the f...

Страница 41: ...g the access List to the IPSec Protocol To complete the IPSec Security policies databases SPD you need to map the Access Control List elements to the selected Templates In this case since the Access C...

Страница 42: ...dles disappear 3 1 1 HELP Lists the valid commands at the level where the router is programmed You can also use it after a specific command to list the available options Syntax Access Lists Example Ac...

Страница 43: ...Cache size 32 entries Promotion zone 6 entries ACCESS LIST ENTRIES 1 PERMIT SRC 172 25 54 33 32 DES 192 34 0 0 16 Conn 0 PROT 21 Hits 0 2 DENY SRC 0 0 0 0 0 DES 0 0 0 0 0 Conn 0 Hits 0 3 PERMIT SRC 0...

Страница 44: ...entries Promotion zone 6 entries ACCESS LIST ENTRIES 1 PERMIT SRC 172 25 54 33 32 DES 192 34 0 0 16 Conn 0 PROT 21 Hits 0 2 DENY SRC 0 0 0 0 0 DES 0 0 0 0 0 Conn 0 Hits 0 3 PERMIT SRC 0 0 0 0 0 DES 0...

Страница 45: ...otocol Extended Access List 100 assigned to no protocol ACCESS LIST CACHE Hits 2 Miss 0 Cache size 32 entries Promotion zone 6 entries 1 PERMIT SRC 172 25 54 33 32 DES 192 34 0 0 16 Conn 0 PROT 21 Hit...

Страница 46: ...51 57 32 DES 172 60 1 163 32 Conn 0 Hits 0 2 PERMIT SRC 0 0 0 0 0 DES 0 0 0 0 0 Conn 0 Hits 0 Extended Access List 103 assigned to no protocol ACCESS LIST ENTRIES 1 PERMIT SRC 1 0 0 0 8 DES 2 0 0 0 8...

Страница 47: ...trol List from the cache processing the Access Control Lists Syntax Access Lists clear cache id Example Access Lists clear cache 100 Cache cleared Access Lists 3 1 4 SET CACHE SIZE Configures the cach...

Страница 48: ...rol ftp 21 udp File Transfer Control telnet 23 tcp Telnet telnet 23 udp Telnet smtp 25 tcp Simple Mail Transfer smtp 25 udp Simple Mail Transfer nameserver 42 tcp Host Name Server nameserver 42 udp Ho...

Страница 49: ...Class 4 RFC905 RC77 30 NETBLT Bulk Data Transfer Protocol RFC969 DDC1 31 MFE NSP MFE Network Services Protocol MFENET BCH2 32 MERIT INP MERIT Internodal Protocol HWB 33 SEP Sequential Exchange Protoco...

Страница 50: ...C3 76 BR SAT MON Backroom SATNET Monitoring SHB 77 SUN ND SUN ND PROTOCOL Temporary WM3 78 WB MON WIDEBAND Monitoring SHB 79 WB EXPAK WIDEBAND EXPAK SHB 80 ISO IP ISO Internet Protocol MTR 81 VMTP VMT...

Страница 51: ...io Transport Protocol Sautter 127 CRUDP Combat Radio User Datagram Sautter 128 SSCOPMCE Waber 129 IPLT Hollbach 130 SPS Secure Packet Shield McIntosh 131 PIPE Private IP Encapsulation within IP Petri...

Страница 52: ...s ARGUS ariel1 Ariel1 ariel2 Ariel2 ariel3 Ariel3 aris ARIS arns A remote network server system as servermap AS Server Mapper asa ASA Message router object def asa appl proto asa appl proto asip webad...

Страница 53: ...File System cimplex cimplex cisco fna cisco FNATIVE cisco phone Cisco IP Phones and PC Based Unified Communicators cisco sys cisco SYSMAINT cisco tdp Cisco TDP cisco tna cisco TNATIVE citrix Citrix IC...

Страница 54: ...rol Protocol dcn meas DCN Measurement Subsystems dcp Device Control Protocol dctp dctp ddm dfm DDM Distributed File management ddm rdb DDM Remote Relational Database Access ddm ssl DDM Remote DB Acces...

Страница 55: ...rior Gateway Routing Protocol elcsd errlog copy server daemon embl ndt EMBL Nucleic Data Transfer emcon EMCON emfis cntl EMFIS Control Service emfis data EMFIS Data Service encap Encapsulation Header...

Страница 56: ...HELLO_PORT hems hems hip Host Identity Protocol hmmp ind HMMP Indication hmmp op HMMP Operation hmp Host Monitoring hopopt IPv6 Hop by Hop Option hostname NIC Host Name Server hp alarm mgr hp performa...

Страница 57: ...Compression Protocol ipcserver Sun IPC server ipcv Internet Packet Core Utility ipdd ipdd ipinip IP in IP ipip IP within IP Encapsulation Protocol iplt IPLT ipp Internet Printing Protocol ippc Interne...

Страница 58: ...y Access Protocol ldp LDP leaf 1 Leaf 1 leaf 2 Leaf 2 legent 1 Legent Corporation legent 2 Legent Corporation ljk login ljk login lockd LockD locus con Locus PC Interface Conn Server locus map Locus P...

Страница 59: ...soft rome ms shuttle microsoft shuttle ms sql m Microsoft SQL Monitor msdp msdp msexch routing MS Exchange Routing msft gc Microsoft Global Catalog msft gc ssl Microsoft Global Catalog with LDAP SSL m...

Страница 60: ...Who Is nlogin nlogin nmap nmap nmsp Networked Media Streaming Protocol nnsp nnsp nntp Network News Transfer Protocol notes Lotus Notes R novadigm Novadigm Enterprise Desktop Manager EDM novastorbakcu...

Страница 61: ...word chg Password Change pawserv Perf Analysis Workbench pcanywhere Symantic PCAnywhere pcmail srv PCMail Server pdap Prospero Data Access Protocol peer2peer Match peer to peer traffic personal link p...

Страница 62: ...e Remote Data Base rdp Reliable Data Protocol re mail ck Remote Mail Checking Protocol realm rusd ApplianceWare managment protocol remote kis remote kis remotefs rfs server repcmd repcmd repscmd repsc...

Страница 63: ...SCO Web Server Manager 3 sco websrvrmgr SCO WebServer Manager scohelp scohelp scoi2odialog scoi2odialog scps SCPS sctp Stream Control Transmission Protocol scx proxy scx proxy sdnskmp SDNSKMP sdrp Sou...

Страница 64: ...col snp Sitara Networks Protocol snpp Simple Network Paging Protocol sntp heartbeat SNTP HEARTBEAT socks Firewall Security Protocol softpc Insignia Solutions sonar sonar spmp spmp sprite rpc Sprite RP...

Страница 65: ...l System tacnews TAC News talk talk tcf TCF tcp Transmission Control Protocol td replica Tobit David Replica td service Tobit David Service Layer teedtap teedtap tell send telnet Telnet Protocol tempo...

Страница 66: ...vnc Virtual Network Computing vpp Virtual Presence Protocol vpps qua vpps qua vpps via vpps via vrrp Virtual Router Redundancy Protocol vsinet vsinet vslmp vslmp wap push WAP PUSH wap push http WAP P...

Страница 67: ...ransfer Protocol xfer XFER Utility xnet Cross Net Debugger xns auth XNS Authentication xns ch XNS Clearinghouse xns courier Xerox xns idp XEROX NS IDP xns mail XNS mail xns time XNS Time Protocol xtp...

Отзывы:

Нет отзывов

Похожие инструкции для Dm752-I

Бренд: Microchip Technology Страницы: 37

Бренд: Raymarine Страницы: 12

Minas A4 Series

Бренд: Panasonic Страницы: 5

Бренд: Eaton Страницы: 6

Бренд: Camozzi Страницы: 33

Бренд: Camozzi Страницы: 64

MorphoAccess SIGMA Extreme Series

Бренд: Idemia Страницы: 31

Бренд: Madison AV Страницы: 2

Бренд: XtendLan Страницы: 12

Бренд: LAB-EL Страницы: 25

Бренд: Mosa Страницы: 28

Бренд: Contemporary Research Страницы: 22

Бренд: Infineon Страницы: 28

ZigBee Pro VT8000 Series

Бренд: Viconics Страницы: 3

Бренд: S&C Страницы: 12

Бренд: NI Страницы: 135

EPIP-40 /30A(I)

Бренд: KORINS Страницы: 3

Бренд: National Instruments Страницы: 31

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды