Black Box LR1530A-EU-R3 Скачать руководство пользователя страница 55

Страница: 55 / 63

Programmable Filtering

IP, and no more

This example performs just the opposite function to the above example. Only IP packets will be allowed to be

passed across the bridged network.

For this function there must be a method to prevent all but IP packets from being filtered. For this the NOT (“~”)

logical operator is used. The NOT operator specifies that the expression has to be FALSE before the frame is

filtered. In other words, only frames that are NOT equal to the expression will be filtered and discarded.

To create this mask, the following expression is entered:

~(12-0800)

The parenthesis simply ensures that the NOT operator will apply to the entire expression.

In this case, whenever a frame is received, the frame will be filtered if the protocol type is NOT equal to 0800 (IP).

Only one filter pattern may be used that contains the NOT operator.

Transport Control Protocol / Internet Protocol (TCP/IP)

The previous example showed how to filter all Ethernet frames that contained an IP protocol packet. However, IP is

used as the Network-layer protocol for more than 40 different Transport-layer protocols, TCP being only one of

them. Therefore, with the mask that was used as noted in the previous IP example, all Transport layer protocols that

used IP would also be filtered. This may not be desirable in all cases.

For this example, the discrimination of the Transport Layer used within an IP packet will be demonstrated. This

requires an AND function, since we want to filter data that both is IP and contains TCP information.

Within the IP frame, there is a single octet field that may be used to indicate the protocol of the Transport layer, or

the protocol of the data in the IP packet. If TCP were the protocol within the IP packet, this octet, or 8-bit byte,

would be equal to 6.

The location of this field, remembering that the start of the Ethernet frame is always the base reference, is octet 23.

Filter only TCP/IP

To filter only those packets that are TCP/IP, the mask would therefore be:

12-0800&23-06

The 12-0800 is the IP expression and the 23-06 will represent TCP in an IP frame. The “&” is the logical AND

operator, so the expression requires that the frame be both an IP and TCP.

Filter all IP without TCP traffic

To filter all IP packets that do not contain TCP traffic, the mask would be:

12-0800&~(23-06)

Filter all except TCP/IP

To filter all other packets except TCP/IP packets, the mask would be:

~(12-0800&23-06)

Содержание LR1530A-EU-R3

Страница 1: ...Series 500 Frame Relay Leased Line Bridge Router Reference Manual LR1530A R3 LR1530A EU R3 LR1531A R2 LR1535A R2 5500100 10 equivalent to 5500087 10 Copyright 2002 by Black Box Corporation...

Страница 2: ...urces The Ethernet bridge router can be thought of as a group of discrete functions combined in a single box The first functional module is the LAN interface which receives all LAN traffic and then de...

Страница 3: ...an ARP request If the destination station is on a different network the router connected to the originating network will see from the IP address that the frame is to be routed to another network If t...

Страница 4: ...not have an entry the destination router will generate an ARP request The destination station will send an ARP reply Destination router will rebuild the complete frame with a new MAC header indicatin...

Страница 5: ...ere the fragment fits into the original IP frame The Ethernet bridge router will accept fragmented frames directed to itself and reassemble them but it will not fragment frames Options There are vario...

Страница 6: ...ters share routing tables each router has the ability to determine whether it is the best router to use for network traffic Once a station receives a redirect all future IP frames destined for the par...

Страница 7: ...st route path is based solely on the number of hops to the destination network Update Mechanism In order to ensure that the routing tables of all routers in the network are kept up to date each router...

Страница 8: ...ddressing An Ethernet frame has at least two levels of addressing The MAC addresses for both the source and destination are contained in the MAC header The MAC addresses are essentially physical port...

Страница 9: ...ons having for example consecutive addresses Instead the network is forced to live with whatever MAC address is assigned to the LAN port Socket Addresses The Socket Number identifies the process withi...

Страница 10: ...pre programmed with the name of the Preferred Service which allows the Client station to connect automatically without human intervention to the Preferred Server When no Preferred Service is set the...

Страница 11: ...004 File Server 0005 Job Server 0006 Gateway 0007 Print Server 0009 Archive Server 0024 Remote Bridge Server 0027 TCP IP Gateway Routing Information Protocol The Novell Routing Information Protocol RI...

Страница 12: ...have to wait for about 30 seconds until it heard from all other routers via their standard RIP X broadcasts RIP X Metrics The RIP X routing protocol measures routes based on two metrics the hop count...

Страница 13: ...rocess Each time a Ethernet bridge router is powered up it will perform extensive hardware and software tests to ensure the integrity of the unit and its attached LAN and Link interfaces Upon successf...

Страница 14: ...ognize those addresses that are local to a specific LAN segment The bridge will thereby filter discard all local packets and forward all unknown non local packets to the second segment located on the...

Страница 15: ...olled through the bridge options Purging the address does not prevent the station from using the bridging facilities since the location of the station may be re learned However since a small aging tim...

Страница 16: ...he connection attempt will be ignored Connecting to a bridge router while the remote bridge router menu system is operating with a different terminal setting may cause unexpected screen errors Once th...

Страница 17: ...ghput range from 112 128 Kbps when transferring binary files to 364 384 Kbps when transferring graphic files This increased throughput significantly reduces the bandwidth required between the LANs to...

Страница 18: ...performed quickly and painlessly from a host server with TFTP capabilities on the network The Bridge Router also allows the downloading of software updates by using a direct management port connection...

Страница 19: ...e in this router may be configured to operate in one of four modes V 11 X 21 V 35 RS232 V 24 or RS530 RS422 The interface connector for all types is a standard DB25 pin female connector 13 1 25 14 WAR...

Страница 20: ...is connection will then provide access to the built in menu system If the console interface is to be connected to a modem or other DCE device a standard RS 232 crossover converter should be used The f...

Страница 21: ...m crossover cable used for the connection A DSU CSU crossover cable would be constructed as follows 1 7 2 8 7 1 8 2 T1 E1 Module Routers with a T1 E1 interface module use a standard RJ45 service conne...

Страница 22: ...nsmit Data B X 15 Y Send Signal Element Timing A X 16 T Received Data B X 17 V Receiver Signal Element Timing A X 18 L Local Loopback X 19 20 H Data Terminal Ready X 21 N Remote Loopback X 22 23 24 U...

Страница 23: ...to twisted pairs within the connecting cable This cable is needed when it is necessary to connect two units back to back and a set of modems is not available Note that this cable specifies DB25 connec...

Страница 24: ...l Detector CD X 9 10 11 12 13 14 15 114 DB Transmit Signal Element Timing DCE Source X 16 17 115 DD Receive Signal Element Timing DCE Source X 18 141 Local Loopback X 19 20 108 2 CD Data Terminal Read...

Страница 25: ...9 T B Transmitted Data B X 10 C B Control B X 11 R B Received Data B X 12 I B Indication B X 13 S B Signal Element Timing B X 14 15 Figure 2 7 V 11 Link Pinouts The connecting cable must be a shielde...

Страница 26: ...X 11 DA B Transmit Signal Element Timing DTE Source X 12 DB B Transmit Signal Element Timing DCE Source X 13 CB B Clear to Send X 14 BA B Transmitted Data X 15 DB A Transmit Signal Element Timing DCE...

Страница 27: ...ust be a shielded cable This cable is needed when it is necessary to connect two units back to back and a set of modems is not available Note that this cable specifies DB25 connectors on each end to a...

Страница 28: ...d Data A Transmitted Data B Received Data B DCE Ready A DCE Ready B Clear To Send B Request To Send A Request To Send B Received Line Signal Detector A Received Line Signal Detector B DTE Ready A DTE...

Страница 29: ...en it is necessary to connect two units back to back and a set of modems is not available Note that this cable specifies DB15 connectors on each end to allow direct connection to the link interface co...

Страница 30: ...y drives DTR and RTS high and again waits for the duration of CD Wait Time for CD to be asserted NOTE If the level 2 process times out DTR toggle will be started 3 When incoming CD and DSR signals bot...

Страница 31: ...e site profile Once BCP negotiations are complete IP routing may take place between the two routers Completed CCP negotiation with remote site alias Generated when the Compression Control Protocol neg...

Страница 32: ...y the unit on the far end of this link Error executing XXXXXX Generated when an error is detected loading back a configuration The invalid command is specified Incorrect password from IP address Gener...

Страница 33: ...ne down due to no replies to the echo request messages sent LCP X operational Generated when the Link Control Protocol of a PPP link or remote site has been negotiated and is now operational between t...

Страница 34: ...ignal Generated when the CSU DSU link module cannot establish communications with the local telco Link X CSU DSU Reset Generated when the router has initiated a reset of the CSU DSU link module Link X...

Страница 35: ...iated Restoring boot DNLDSEG configuration Generated upon entering Network Load Mode to initialize specific configuration information required for retrieving new code image Generated upon entering ope...

Страница 36: ...ed Generated when STP is enabled TFTP stop putting filename to IP address The bridge router has sent the final data packet of a file filename but has timed out before receiving the final ACK The sessi...

Страница 37: ...nection to a remote site is being closed due to an inactivity timeout Closing remote site X IP triggered RIP Generated when the connection to a remote site is being closed due to failure of IP trigger...

Страница 38: ...non volatile memory within the time limit Possible hardware fault Configuration saved Generated when the save configuration option has been activated Configuration too large to be saved Generated when...

Страница 39: ...router E mail server added to firewall The IP address of the E mail server added to the table of services available through the firewall E mail server removed from firewall The IP address of the E ma...

Страница 40: ...established Generated on startup when integrity of the LAN interface has been successfully verified by the external loopback test Link X attached to remote site remote site alias Generated when Link...

Страница 41: ...mote site remote site alias The link that has been assigned to this remote site is not configured for leased line operation Link X Outgoing Data Call to DN Generated when a data call is outgoing to th...

Страница 42: ...remote site profiles before another entry can be made Old download method Load in all file Generated when an attempt is made to load a fcs or lda format program file into hardware which will only acc...

Страница 43: ...osts The SNMP community displayed has had write access enabled to all hosts on the network anyone may access any host to make changes Service added to firewall The IP address of the Service added to t...

Страница 44: ...se of the reception of a TFTP error message from the connected device The errors are 0 not defined 1 file not found 2 access violation 3 disk full or allocation exceeded 4 illegal TFTP operation 5 unk...

Страница 45: ...mote site profile being deleted while a connection attempt is being made WWW HTTP server removed from firewall The IP address of the WWW HTTP server removed from the table of services available throug...

Страница 46: ...ication failure for user Y Generated when the PAP password sent by this router in reply to the remote site router PAP password request is rejected PAP failed for remote site alias Generated when the r...

Страница 47: ...by preventing unauthorized user access The Ethernet bridge router provides three built in functions in addition to defined programmable masks to control the access to resources The first function is...

Страница 48: ...RESS FILTERS MENU where access to the MAC Address filters is obtained 4 From the MAC ADDRESS FILTERS MENU make sure that Filter Operation is currently set to positive This will cause the MAC Address F...

Страница 49: ...From the CONFIGURATION MENU enter an 8 This will place you at the FILTER SET UP MENU where access to the individual filtering menus is obtained 3 From the FILTER SET UP MENU enter a 1 This will place...

Страница 50: ...Destination Forward if Destination is a function that allows you to forward an Ethernet frame based on the destination of its address and filter all other frames If the destination address equals the...

Страница 51: ...f information is seen on the local LAN that contains the address of the host system in the destination field of the frame the bridge router will forward it All other frames seen on the local LAN that...

Страница 52: ...probably not been active for the bridge router to learn any information about it Therefore you will have to tell the bridge router a little bit more about the station 7 Enter a 2 to enter the location...

Страница 53: ...D Used in combination filters when one and the other conditions must be met Example 10 20 12 80 This filter pattern will match if the packet information starting at the 10th octet equals the 20 of the...

Страница 54: ...be applied to the mask expression Protocol Type Field Within an Ethernet frame a protocol field exists at octet 12 and 13 These two octets or 8 bit bytes will represent the type of higher level protoc...

Страница 55: ...being only one of them Therefore with the mask that was used as noted in the previous IP example all Transport layer protocols that used IP would also be filtered This may not be desirable in all cas...

Страница 56: ...l servers located on an Ethernet network This example is similar to the Internet Protocol example described previously The protocol type field value that is used for LAT frames is equal to 6004 Filter...

Страница 57: ...ork To prevent this information from being seen across the link on the other LAN segment a filter mask can be used To prevent broadcast information from being passed across the link use the following...

Страница 58: ...ill filter IP packets that contain the Internet address of 128 001 002 003 As another example assume that this Internet address should also be filtered if it originates any data In addition to the mas...

Страница 59: ...ould be 6 010203040506 12 0800 23 06 Example To prevent a specific protocol type from accessing a specific Ethernet Address Assume the Ethernet address is 01 02 03 04 05 06 and the protocol type is Ap...

Страница 60: ...LAN facilities the Ethernet remote bridge router provides programmable filter masks that may be defined to act on any part of the IP frame The IP Router Filter Patterns menu is located under the Filte...

Страница 61: ...d Novell frames when bridging and when routing When routing the TCP IP and Novell frames are examined after the Level 2 Ethernet portion of the frame has been stripped from the whole data frame This m...

Страница 62: ...ad 6002 DEC MOP Remote Console 6003 DEC DECNET Phase IV Route 6004 DEC LAT 6005 DEC Diagnostic Protocol 6006 DEC Customer Protocol 6007 DEC LAVC SCA 8035 Reverse ARP 803D DEC Ethernet Encryption 803F...

Страница 63: ...Frame Formats 63 Octet Locations on an IPX Routed Novell Netware Frame Octet Locations on a Bridged XNS Frame 5500100 10...

Результаты поиска

Содержание LR1530A-EU-R3

Отзывы:

Похожие инструкции для LR1530A-EU-R3

Бренды по названию

Популярные бренды

Black Box LR1530A-EU-R3, Справочное руководство

Результаты поиска

Содержание LR1530A-EU-R3

Отзывы:

Похожие инструкции для LR1530A-EU-R3

Бренды по названию

Популярные бренды