Chapter 13: Configuring Security on the SSR
224
CoreWatch User’s Manual
11. Do one of the following:
–
If you have defined all of the rules for the ACL, click
Finish
.
–
If you want to define additional rules, select the
Add More Rules
check box and click
Next
.
12. If you selected the
Add More Rules
check box, define another rule in the IPX SAP ACL
Rule panel that appears. To do so repeat
step 10
and
step 11
until you define all the
desired rules for the ACL.
After you finish defining all of an ACL’s rules, Configuration Expert adds the ACL to the
IPX SAP ACLs object. Configuration Expert also adds a separate object for each rule and
places this list of rules in the ACL object.
The rule numbers displayed in an ACL’s list of rules, are automatically assigned by
Configuration Expert. A rule’s number is included in the Rule # box of the IPX ACL Rule
panel when you are defining that rule.
Applying ACLs to IP or IPX Interfaces
Defining an ACL specifies what sort of traffic to permit or deny. However, an ACL has no
effect unless it is applied to an interface. An ACL can be applied to examine either
inbound or outbound traffic. Inbound traffic is traffic coming into the router. Outbound
traffic is traffic that is going out of the router. When you apply an ACL to an interface, you
implicitly enable access control on that interface.
In general, you should try to apply ACLs at the inbound interfaces instead of the
outbound interfaces. If a packet is to be denied, you want to drop the packet as early as
possible, at the inbound interface. Otherwise, the router will have to process the packet,
determine where the packet should go only to find out that the packet should be dropped
at the outbound interface. In some cases, however, it may not be simple or possible for the
Service Type
Enter the SAP service type.
You may enter the service type as hexadecimal or select one
of the choices from the Service Type drop-down list. You do
not need to use a “0x” prefix. You can enter ANY to specify a
wildcard (“don’t care”) condition.
Network Address
Enter the SAP server’s network address You can enter ANY
to specify a wildcard (“don’t care”) condition.
Node (MAC) Address
Enter the SAP server’s MAC address. You can enter ANY to
specify a wildcard (“don’t care”) condition.
Table 26. IPX SAP ACL rule criteria fields (Continued)
Field
Description
Содержание CoreWatch
Страница 1: ...CoreWatch User s Manual 9032564 04...
Страница 2: ...Notice 2 CoreWatch User s Manual...
Страница 20: ...Preface 20 CoreWatch User s Manual...
Страница 64: ...Chapter 5 Changing System Settings 64 CoreWatch User s Manual...
Страница 86: ...Chapter 6 Configuring SSR Bridging 86 CoreWatch User s Manual...
Страница 106: ...Chapter 7 Configuring VLANs on the SSR 106 CoreWatch User s Manual...
Страница 206: ...Chapter 12 Configuring QoS on the SSR 206 CoreWatch User s Manual...
Страница 246: ...Chapter 13 Configuring Security on the SSR 246 CoreWatch User s Manual...
Страница 274: ...Chapter 15 Configuring BGP on the SSR 274 CoreWatch User s Manual Figure 184 BGP Peer Group Definition panel Options tab...
Страница 363: ...CoreWatch User s Manual 363 Chapter 16 Configuring Routing Policies on the SSR 9 Click OK...
Страница 364: ...Chapter 16 Configuring Routing Policies on the SSR 364 CoreWatch User s Manual...
Страница 370: ...Chapter 17 Checking System Status 370 CoreWatch User s Manual...
Страница 390: ...Chapter 18 Monitoring Real Time Performance 390 CoreWatch User s Manual...
Страница 396: ...Chapter 19 Checking the Status of Bridge Tables 396 CoreWatch User s Manual...
Страница 430: ...Chapter 20 Checking the Status of Routing Tables 430 CoreWatch User s Manual...
Страница 442: ...Chapter 22 Obtaining Reports 442 CoreWatch User s Manual...
Страница 456: ...Appendix B CoreWatch Menus 456 CoreWatch User s Manual...