manualshive.com logo in svg

BinTec Dm752-I, Руководство пользователя

BinTec Dm752-I - Инновационный маршрутизатор с быстрым интернет-соединением. Получите руководство по эксплуатации бесплатно на manualshive.com, чтобы настроить его правильно и получить максимальную производительность. Скачайте свое руководство и начните пользоваться устройством уже сегодня.

Поделиться
Скачать
background image

You can configure 9999 access lists in the router. Access lists whose identifiers take a value between 1 and 99 are
Standard Access Lists. Extended Access Lists take a value between 100 and 1999 and those between 5000 and
9999 are Stateful Access Lists.

The 9999 access lists are empty by default. An access list is considered empty when it does not contain any entries.

Depending on the type of list created (Standard/Extended/Stateful), entry configurations are carried out in a submenu
containing the same parameters for all entries of the same type. The following sections describe the configuration
mode for all parameters contained in these submenus.

Non-configured entry parameters or options in the Access Control Lists will not be taken into account when checking
the access.

Note

The order of the entries in the Access Control List is very important if the information the sentences
refer to stretches over different entries.

You must bear in mind that the order in which the entries in a list are dealt with is not defined by the
entry identifier number, but by the order in which they have been introduced. This order can be seen
through the list command and modified with the move-entry command. When moving through the list,
beginning with the first listed element or entry, if an element is found that matches the search criteria,
no further search is carried out and the action indicated by said entry is executed.

Please note that the search order among the entries on an Access Control List DIFFERS from that
used in a Prefix List (please see manual

bintec Dm780-I Prefix Lists

). In the latter case, this order is

given by the value of the identifier.

The following commands are available in the main Access Control menu:

Command

Function

? (HELP)

Lists the available commands or their options.

ACCESS-LIST

Configures an access list.

LIST

Displays the configuration of the access lists.

NO

Negates a command or sets the default value.

2.3.1 ? (HELP)

Lists the valid commands at the level where the router is programmed. You can also use this command after a spe-
cific command to list the available options.

Syntax:

Access Lists config>?

Example:

Access Lists config>?

access-list

Configure an access-list

list

Display access-lists configuration

no

Negates a command or sets its defaults

exit

Access Lists config>

2.3.2 ACCESS-LIST

Accesses the submenu that allows you to configure entries in an access list. Access lists are identified by a numeric-
al value that can take values between 1 and 9999 (i.e. the router allows you to configure 9999 access lists). Access
lists whose identifiers take a value between 1 and 99 are Standard Access Lists. Extended Access Lists take a value
between 100 and 1999, while those taking a value between 5000 and 9999 are Stateful Access Lists.

Once you have entered this command, followed by an identifier, you access a submenu where you can configure an
access list for said identifier. The type of access list and its identifier will appear in the new prompt.

Syntax:

Access Lists config>access-list ?

<1..99>

Standard Access List number (1-99)

<100..1999>

Extended Access List number (100-1999)

bintec elmeg

2 Configuration

Access Control

5

Содержание Dm752-I

Страница 1: ...Access Control bintec Dm752 I Copyright Version 11 06 bintec elmeg bintec elmeg Manual Access Control 1...

Страница 2: ...bintec offers no warranty whatsoever for information contained in this manual bintec is not liable for any direct indirect collateral consequential or any other damage connected to the delivery supply...

Страница 3: ...4 4 MOVE ENTRY 11 2 4 5 DESCRIPTION 11 2 4 6 NO 12 2 4 7 EXIT 12 2 5 Extended Access Lists 12 2 5 1 HELP 13 2 5 2 ENTRY 13 2 5 3 LIST 20 2 5 4 MOVE ENTRY 21 2 5 5 DESCRIPTION 21 2 5 6 NO 21 2 5 7 EXI...

Страница 4: ...R CACHE 43 3 1 4 SET CACHE SIZE 43 3 1 5 SHOW HANDLES 43 3 1 6 HIDE HANDLES 43 Chapter 4 Appendix 44 4 1 Reserved Ports 44 4 2 Reserved Protocols 44 4 3 Protocol Values in Stateful Lists 47 Table of C...

Страница 5: ...intec Dm745 I Policy Routing bintec Dm764 I Route Mapping bintec Dm780 I Prefix Lists bintec Dm786 I AFS bintec Dm788 I New NAT Protocol bintec Dm795 I Policy Map Class Map bintec elmeg Related Docume...

Страница 6: ...at both input to avoid router overload and output Access Control Lists themselves cannot limit the packet flow in the router To do this they must be associated to pro tocols that allow traffic filters...

Страница 7: ...of entries which define the properties that a packet must have in order to belong to this entry and consequently to this list This Access Control List is then assigned to a protocol Note Access Contr...

Страница 8: ...ess Controls functionality configuration menu Here you can create eliminate and view the access lists Each Access Control List is made up of entries where you can indicate criteria and the parameters...

Страница 9: ...on an Access Control List DIFFERS from that used in a Prefix List please see manual bintec Dm780 I Prefix Lists In the latter case this order is given by the value of the identifier The following com...

Страница 10: ...tandard Access List 1 assigned to no protocol 1 PERMIT SRC 192 60 1 24 32 2 PERMIT SRC 0 0 0 0 0 Extended Access List 100 assigned to no protocol 1 PERMIT SRC 172 34 53 23 32 DES 0 0 0 0 0 Conn 0 PROT...

Страница 11: ...identifier is within the 1 99 value range i e a Standard List The new submenu prompt together with its identifier shows it is a Standard List Example Access Lists config access list 1 Standard Access...

Страница 12: ...f entry or access control as permit deny Configures type of entry or access control as deny source Source menu subnet or port description Sets a description for the current entry 2 4 2 1 ENTRY id DEFA...

Страница 13: ...e concepts Address Wildcard mask Matching entry 172 24 0 127 255 255 0 255 Matches source addresses 172 24 x 127 regardless of the value of x E g 172 24 12 127 0 0 0 67 0 0 0 255 Matches source addres...

Страница 14: ...ample Standard Access List 1 entry 1 description first entry Standard Access List 1 2 4 3 LIST Displays the information on the Access Control List configuration that is being edited i e information re...

Страница 15: ...nt of which you wish to place the entry When you wish to place an entry at the end of the list lowest priority you need to specify the end option Syntax Standard Access List move entry entry_to_move e...

Страница 16: ...tandard Access Control list configuration environment and returns to the main Access Control menu prompt Syntax Standard Access List exit Example Standard Access List 1 exit Access Lists config 2 5 Ex...

Страница 17: ...t already exists means that the value of the parameter introduced will be modified Syntax Extended Access List entry id parameter value The configuration options for an Extended entry are as follows E...

Страница 18: ...range 2 5 2 4 1 ENTRY id SOURCE ADDRESS Establishes the source IP address sentence A mask is used to indicate the selected range of addresses This ad dress may not be numbered meaning you can enter an...

Страница 19: ...entry 3 source address interface serial0 0 Extended Access List 100 Caution An interface should only be configured as source in those access lists that are going to be associated to IPSec Since this...

Страница 20: ...ecked with the entry To do this the active bits in the wildcard mask indicate the exact position of the address bit that must be checked by the entry Please check the double examples in the following...

Страница 21: ...or UDP destination ports If the packet corresponds to the ICMP protocol and the entry is configured to carry out filtering over this protocol using command entry id protocol icmp this command establis...

Страница 22: ...f you do not want to set a range simply enter two equal values Both protocol identifiers can take values between 0 and 255 The purpose of this command is to grant or deny access to various protocols S...

Страница 23: ...2 ENTRY id TOS OCTET Establishes the Access Control sentence based on the value of the IP packet Type of Service byte This can take values between 0 and 255 You can also specify a bits mask that deter...

Страница 24: ...is access list address filter entries Display the entries that match an ip address entry Display one entry of this access list 2 5 3 1 LIST ALL ENTRIES Displays all the Access Control List configurati...

Страница 25: ...RT 1024 65535 2 PERMIT SRC 192 233 33 11 32 DES 0 0 0 0 0 Conn 0 PROT 33 102 3 DENY SRC 0 0 0 0 0 DES 0 0 0 0 0 Conn 0 Extended Access List 100 move entry 1 end Extended Access List 100 list all entri...

Страница 26: ...identifier is within the 5000 9999 value range i e a Stateful List The new submenu prompt together with its identifier shows it is a Stateful Access List Example Access Lists config access list 5001...

Страница 27: ...reates and modifies an entry or element in an Access Control List This command must always be entered followed by the register number identifier and a sentence A new entry is created whenever this com...

Страница 28: ...IP protocol matching options protocol range Specify a protocol range peer2peer Match peer to peer traffic rate limit Match an specific rate limit in kbps conn limit Match an specific connection limit...

Страница 29: ...p referer ebay com Command history Version Modification 11 1 1 This command was introduced as of version 11 1 2 2 6 3 4 ENTRY id APP DETECT HTTP URL Matches the HTTP URL session drawn by AFS app detec...

Страница 30: ...st be configured for the command to be operative If no SSL session is detected when said app detect is configured there is no match Syntax Stateful Access List entry id app detect ssl Example Stateful...

Страница 31: ...pecify the mask this is assumed to be the host mask This also allows you to select the destination address through range Syntax Stateful Access List entry id destination address ip mask mask Stateful...

Страница 32: ...l parameter associated to each packet It is made up of a number that can be used to select classify and filter IP traffic By default all IP packets have an associated label value equal to 0 This value...

Страница 33: ...teful Access List 5000 Some of the selected protocols allow for sub options such as peer2peer Stateful Access List 5000 entry 1 protocol peer2peer all All peer to peer traffic apple AppleJuice traffic...

Страница 34: ...surpassed the packet is considered as matching this criterion Syntax Stateful Access List entry id rate limit limit burst Example Stateful Access List 5000 entry 1 rate limit 100 Stateful Access List...

Страница 35: ...2000 Stateful Access List 5000 2 6 3 30 ENTRY id SOURCE UDP PORT Specifies a port or a range of UDP source ports The packet must be UDP to match this criterion Syntax Stateful Access List entry id sou...

Страница 36: ...tate The possible states for a session are as follows invalid The session is in an invalid state ready to be deleted new The session is new this is the first packet for this session established The se...

Страница 37: ...addresses themselves must be specified in a configuration file detailed below The device downloads the indic ated configuration file through the tftp protocol Use this command to specify the tftp ser...

Страница 38: ...00 seconds If you don t specify any value the default updating interval is 1 day 2 Subsequently you can enter the http error page that you want to be displayed in cases where there has been an attempt...

Страница 39: ...50000 2 7 Show Config Show Config is a configuration console tool PROCESS 4 that allows you to list the commands required to config ure a router from an empty configuration no conf The command can be...

Страница 40: ...ntry 1 source address 172 24 51 57 255 255 255 255 Extended Access List 101 entry 1 destination address 172 60 1 163 255 255 255 255 Extended Access List 101 The configured access list will have the f...

Страница 41: ...g the access List to the IPSec Protocol To complete the IPSec Security policies databases SPD you need to map the Access Control List elements to the selected Templates In this case since the Access C...

Страница 42: ...dles disappear 3 1 1 HELP Lists the valid commands at the level where the router is programmed You can also use it after a specific command to list the available options Syntax Access Lists Example Ac...

Страница 43: ...Cache size 32 entries Promotion zone 6 entries ACCESS LIST ENTRIES 1 PERMIT SRC 172 25 54 33 32 DES 192 34 0 0 16 Conn 0 PROT 21 Hits 0 2 DENY SRC 0 0 0 0 0 DES 0 0 0 0 0 Conn 0 Hits 0 3 PERMIT SRC 0...

Страница 44: ...entries Promotion zone 6 entries ACCESS LIST ENTRIES 1 PERMIT SRC 172 25 54 33 32 DES 192 34 0 0 16 Conn 0 PROT 21 Hits 0 2 DENY SRC 0 0 0 0 0 DES 0 0 0 0 0 Conn 0 Hits 0 3 PERMIT SRC 0 0 0 0 0 DES 0...

Страница 45: ...otocol Extended Access List 100 assigned to no protocol ACCESS LIST CACHE Hits 2 Miss 0 Cache size 32 entries Promotion zone 6 entries 1 PERMIT SRC 172 25 54 33 32 DES 192 34 0 0 16 Conn 0 PROT 21 Hit...

Страница 46: ...51 57 32 DES 172 60 1 163 32 Conn 0 Hits 0 2 PERMIT SRC 0 0 0 0 0 DES 0 0 0 0 0 Conn 0 Hits 0 Extended Access List 103 assigned to no protocol ACCESS LIST ENTRIES 1 PERMIT SRC 1 0 0 0 8 DES 2 0 0 0 8...

Страница 47: ...trol List from the cache processing the Access Control Lists Syntax Access Lists clear cache id Example Access Lists clear cache 100 Cache cleared Access Lists 3 1 4 SET CACHE SIZE Configures the cach...

Страница 48: ...rol ftp 21 udp File Transfer Control telnet 23 tcp Telnet telnet 23 udp Telnet smtp 25 tcp Simple Mail Transfer smtp 25 udp Simple Mail Transfer nameserver 42 tcp Host Name Server nameserver 42 udp Ho...

Страница 49: ...Class 4 RFC905 RC77 30 NETBLT Bulk Data Transfer Protocol RFC969 DDC1 31 MFE NSP MFE Network Services Protocol MFENET BCH2 32 MERIT INP MERIT Internodal Protocol HWB 33 SEP Sequential Exchange Protoco...

Страница 50: ...C3 76 BR SAT MON Backroom SATNET Monitoring SHB 77 SUN ND SUN ND PROTOCOL Temporary WM3 78 WB MON WIDEBAND Monitoring SHB 79 WB EXPAK WIDEBAND EXPAK SHB 80 ISO IP ISO Internet Protocol MTR 81 VMTP VMT...

Страница 51: ...io Transport Protocol Sautter 127 CRUDP Combat Radio User Datagram Sautter 128 SSCOPMCE Waber 129 IPLT Hollbach 130 SPS Secure Packet Shield McIntosh 131 PIPE Private IP Encapsulation within IP Petri...

Страница 52: ...s ARGUS ariel1 Ariel1 ariel2 Ariel2 ariel3 Ariel3 aris ARIS arns A remote network server system as servermap AS Server Mapper asa ASA Message router object def asa appl proto asa appl proto asip webad...

Страница 53: ...File System cimplex cimplex cisco fna cisco FNATIVE cisco phone Cisco IP Phones and PC Based Unified Communicators cisco sys cisco SYSMAINT cisco tdp Cisco TDP cisco tna cisco TNATIVE citrix Citrix IC...

Страница 54: ...rol Protocol dcn meas DCN Measurement Subsystems dcp Device Control Protocol dctp dctp ddm dfm DDM Distributed File management ddm rdb DDM Remote Relational Database Access ddm ssl DDM Remote DB Acces...

Страница 55: ...rior Gateway Routing Protocol elcsd errlog copy server daemon embl ndt EMBL Nucleic Data Transfer emcon EMCON emfis cntl EMFIS Control Service emfis data EMFIS Data Service encap Encapsulation Header...

Страница 56: ...HELLO_PORT hems hems hip Host Identity Protocol hmmp ind HMMP Indication hmmp op HMMP Operation hmp Host Monitoring hopopt IPv6 Hop by Hop Option hostname NIC Host Name Server hp alarm mgr hp performa...

Страница 57: ...Compression Protocol ipcserver Sun IPC server ipcv Internet Packet Core Utility ipdd ipdd ipinip IP in IP ipip IP within IP Encapsulation Protocol iplt IPLT ipp Internet Printing Protocol ippc Interne...

Страница 58: ...y Access Protocol ldp LDP leaf 1 Leaf 1 leaf 2 Leaf 2 legent 1 Legent Corporation legent 2 Legent Corporation ljk login ljk login lockd LockD locus con Locus PC Interface Conn Server locus map Locus P...

Страница 59: ...soft rome ms shuttle microsoft shuttle ms sql m Microsoft SQL Monitor msdp msdp msexch routing MS Exchange Routing msft gc Microsoft Global Catalog msft gc ssl Microsoft Global Catalog with LDAP SSL m...

Страница 60: ...Who Is nlogin nlogin nmap nmap nmsp Networked Media Streaming Protocol nnsp nnsp nntp Network News Transfer Protocol notes Lotus Notes R novadigm Novadigm Enterprise Desktop Manager EDM novastorbakcu...

Страница 61: ...word chg Password Change pawserv Perf Analysis Workbench pcanywhere Symantic PCAnywhere pcmail srv PCMail Server pdap Prospero Data Access Protocol peer2peer Match peer to peer traffic personal link p...

Страница 62: ...e Remote Data Base rdp Reliable Data Protocol re mail ck Remote Mail Checking Protocol realm rusd ApplianceWare managment protocol remote kis remote kis remotefs rfs server repcmd repcmd repscmd repsc...

Страница 63: ...SCO Web Server Manager 3 sco websrvrmgr SCO WebServer Manager scohelp scohelp scoi2odialog scoi2odialog scps SCPS sctp Stream Control Transmission Protocol scx proxy scx proxy sdnskmp SDNSKMP sdrp Sou...

Страница 64: ...col snp Sitara Networks Protocol snpp Simple Network Paging Protocol sntp heartbeat SNTP HEARTBEAT socks Firewall Security Protocol softpc Insignia Solutions sonar sonar spmp spmp sprite rpc Sprite RP...

Страница 65: ...l System tacnews TAC News talk talk tcf TCF tcp Transmission Control Protocol td replica Tobit David Replica td service Tobit David Service Layer teedtap teedtap tell send telnet Telnet Protocol tempo...

Страница 66: ...vnc Virtual Network Computing vpp Virtual Presence Protocol vpps qua vpps qua vpps via vpps via vrrp Virtual Router Redundancy Protocol vsinet vsinet vslmp vslmp wap push WAP PUSH wap push http WAP P...

Страница 67: ...ransfer Protocol xfer XFER Utility xnet Cross Net Debugger xns auth XNS Authentication xns ch XNS Clearinghouse xns courier Xerox xns idp XEROX NS IDP xns mail XNS mail xns time XNS Time Protocol xtp...

Отзывы:

Нет отзывов

Похожие инструкции для Dm752-I

ICP DAS USA I-7188XA User Manual preview
I-7188XA
Бренд: ICP DAS USA Страницы: 166
ICP DAS USA SMS-531 User Manual preview
SMS-531
Бренд: ICP DAS USA Страницы: 64
ICS Tunnel Master Jr Manual preview
Tunnel Master Jr
Бренд: ICS Страницы: 83
Rain Bird Image Series Quick Start Manual preview
Image Series
Бренд: Rain Bird Страницы: 4
Rain Bird ESP-ME3 Quick Reference Manual preview
ESP-ME3
Бренд: Rain Bird Страницы: 2
Rain Bird ESP-Me User Manual preview
ESP-Me
Бренд: Rain Bird Страницы: 140
Raindrip WeatherSmart RSC600i Installation & Programming preview
WeatherSmart RSC600i
Бренд: Raindrip Страницы: 36
Zamel Extra Free RZB-02 Quick Manual preview
Extra Free RZB-02
Бренд: Zamel Страницы: 2
Elotech R 1300 Description And Operating Manual preview
R 1300
Бренд: Elotech Страницы: 20
Intermatic NE 1 Operating Instructions preview
NE 1
Бренд: Intermatic Страницы: 2
Swagelok BSH 10 Series User Manual preview
BSH 10 Series
Бренд: Swagelok Страницы: 20
Espressif Systems ESP32-C3 Series Hardware Design Manuallines preview
ESP32-C3 Series
Бренд: Espressif Systems Страницы: 30
Neets Control LiMa Installation Manual preview
LiMa
Бренд: Neets Control Страницы: 12
Partlow MIC 1161 Operator'S Manual preview
MIC 1161
Бренд: Partlow Страницы: 49
Ascon tecnologic TLB 55 Operating Instruction preview
TLB 55
Бренд: Ascon tecnologic Страницы: 11
ROBOT3T THC3T-02 Operation Manual preview
THC3T-02
Бренд: ROBOT3T Страницы: 21
StudioComm Dante 792 User Manual preview
Dante 792
Бренд: StudioComm Страницы: 61
Srne ML4860N15 User Manual preview
ML4860N15
Бренд: Srne Страницы: 13

Бренды по названию

Популярные бренды

Загрузить еще бренды