Cabletron Systems SSIM-R8-02 Spécifications Page 304
- Page / 394
- Table des matières
- DEPANNAGE
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Creating and Modifying ACLs
284 Enterasys Xpedition User Reference Manual
Allowing External Responses to Established TCP Connections
Typically organizations that are connected to the outside world implement ACLs to deny
access to the internal network. If an internal user wishes to connect to the outside world,
the request is sent; however any incoming replies may be denied because ACLs prevent
them from going through. To allow external responses to internally generated requests,
you would have to create an ACL to allow responses from each specific outside host. If the
number of outside hosts that internal users need to access is large or changes frequently,
this can be difficult to maintain.
To address this problem, the XP can be configured to accept outside TCP responses into
the internal network, provided that the TCP connection was initiated internally.
Otherwise, it will be rejected. To do this, enter the following command in Configure
Mode:
Note: The ports that are associated with the interface to which the ACL is applied must
reside on updated XP hardware.
The following ACL illustrates this feature:
Any incoming TCP packet on interface int1 is examined, and if the packet is in response to
an internal request, it is permitted; otherwise, it is rejected. Note that the ACL contains no
restriction for outgoing packets on interface int1, since internal hosts are allowed to access
the outside world.
Creating and Modifying ACLs
The XP provides two mechanisms for creating and modifying ACLs:
• Editing ACLs on a remote host and uploading them to the XP using TFTP or RCP
• Using the XP’s ACL Editor
The following sections describe these methods.
Allow TCP responses from external hosts,
provided the connection was established
internally.
acl <name> permit tcp established
acl 101 permit tcp established
acl 101 apply interface int1 input
- 8VHU5HIHUHQFH0DQXDO 1
- 1
- ENTERASYS NETWORKS, INC 3
- PROGRAM LICENSE AGREEMENT 3
- DECLARATION OF CONFORMITY 5
- Contents 10
- Chapter 1 21
- Introduction 21
- Document Conventions 22
- Getting Help 22
- Chapter 2 25
- Maintaining 25
- Configuration Files 25
- Configuration File 29
- Configuring System Settings 33
- Configuring a Log-in Banner 34
- Chapter 3 35
- Using the CLI 35
- Command Modes 36
- Establishing Telnet Sessions 37
- Setting CLI Parameters 37
- ↑ key, the CLI displays the 38
- Line Editing Commands 40
- Command Resulting Action 41
- Port Names 42
- Chapter 4 45
- Hot Swapping Line 45
- Cards and Control 45
- Hot Swapping Line Cards 46
- Removing the Line Card 47
- Installing a New Line Card 47
- Removing the Control Module 49
- Installing a Control Module 49
- Offline LED 50
- Hot Swap Button 50
- Chapter 5 53
- Bridging 53
- VLAN Overview 54
- XP VLAN Support 56
- Configuring Spanning Tree 60
- Configuring VLAN Trunk Ports 63
- Configuring Layer-2 Filters 64
- Monitoring Bridging 65
- VLAN ID 5 66
- Chapter 6 67
- SmartTRUNK 67
- Configuring SmartTRUNKs 68
- Monitoring SmartTRUNKs 69
- Chapter 7 73
- ATM Configuration 73
- Virtual Channels 74
- Service Profile Definition 74
- Cell Scrambling 77
- ATM port 78
- Cell Mapping 79
- Creating a Non-Zero VPI 80
- ATM Sample Configuration 1 85
- Creating a Virtual Channel 86
- Configuring an IP Route 87
- ATM Sample Configuration 2 89
- Chapter 8 95
- Packet-over-SONET 95
- Monitoring PoS Ports 100
- Example Configurations 101
- Chapter 9 105
- Configuration Guide 105
- Configuring Client Parameters 106
- Configuring DHCP 107
- Updating the Lease Database 108
- Monitoring the DHCP Server 108
- DHCP Configuration Examples 109
- Configuring Secondary Subnets 110
- Interacting with Relay Agents 112
- Chapter 10 115
- IP Routing 115
- Multicast Routing Protocols 116
- Configuring Jumbo Frames 118
- Configuring DNS Parameters 122
- Configuring IP Helper 122
- Configuring Direct Broadcast 123
- Monitoring IP Parameters 124
- Configuring Router Discovery 125
- Configuration Examples 128
- Chapter 11 129
- Basic VRRP Configuration 130
- Symmetrical Configuration 131
- Multi-Backup Configuration 133
- 10.0.0.1/16 134
- 10.0.0.2/16 134
- 10.0.0.3/16 134
- Additional Configuration 138
- Monitoring VRRP 139
- VRRP Configuration Notes 142
- Chapter 12 145
- RIP Configuration 145
- Enabling and Disabling RIP 146
- Configuring RIP Interfaces 146
- Configuring RIP Parameters 146
- Monitoring RIP 148
- Configuration Example 149
- Chapter 13 151
- OSPF Configuration 151
- Configuring OSPF 152
- Enabling OSPF 153
- Configuring an OSPF Area 155
- Creating Virtual Links 156
- Monitoring OSPF 158
- OSPF Configuration Examples 160
- A r e a 150.20.0.0 163
- Chapter 14 165
- BGP Configuration 165
- Basic BGP Tasks 166
- Setting the Router ID 167
- Configuring a BGP Peer Group 167
- Starting BGP 169
- BGP Configuration Examples 172
- BGP Peering Session Example 173
- IBGP Configuration Example 175
- AS-64801 177
- IBGP Internal Group Example 179
- 17.122.128.2/24 180
- 17.122.128.1/24 180
- Community Attribute Example 185
- Physical Link 187
- Peering Relationship 187
- Information Flow 187
- Local Preference Examples 191
- AS-64900 192
- AS-64901 192
- EBGP EBGP 192
- EBGP Aggregation Example 195
- Route Reflection Example 196
- 192.68.222.1 197
- 192.68.20.2 197
- 192.68.20.1 197
- 172.16.30.2 197
- Chapter 15 201
- Routing Policy 201
- Preference 202
- Import Policies 203
- Export Policies 204
- Specifying a Route Filter 205
- Aggregates and Generates 206
- Authentication 208
- Redistributing Static Routes 210
- Redistributing RIP into RIP 211
- Redistributing RIP into OSPF 211
- Redistributing OSPF to RIP 211
- Creating an Export Source 217
- Creating an Import Source 218
- Creating a Route Filter 218
- Creating an Aggregate Route 219
- Creating an Aggregate Source 220
- Examples of Import Policies 220
- Figure 19. Exporting to RIP 221
- Examples of Export Policies 227
- Chapter 16 237
- Multicast Routing 237
- DVMRP Overview 238
- Configuring IGMP 239
- Configuring DVMRP 240
- Starting and Stopping DVMRP 241
- Configuring DVMRP Parameters 241
- Monitoring IGMP & DVMRP 243
- Chapter 17 247
- IP Policy-Based 247
- Forwarding 247
- Configuring IP Policies 248
- Firewall Load Balancing 254
- Monitoring IP Policies 255
- Chapter 18 259
- Chapter 19 259
- Network Address 259
- Translation 259
- Configuring NAT 260
- Forcing Flows through NAT 261
- Managing Dynamic Bindings 262
- NAT and DNS 262
- NAT and ICMP Packets 263
- NAT and FTP 263
- Monitoring NAT 264
- Dynamic Configuration 265
- Dynamic NAT with DNS 268
- Chapter 20 271
- Web Hosting 271
- Load Balancing 272
- Session Persistence 273
- Persistence 274
- Default Binding 274
- Setting Server Status 278
- Load Balancing and FTP 278
- Real Server 281
- TCP Port 281
- Destination 283
- Server IP 283
- Web Caching 284
- Other Configurations 286
- Monitoring Web-Caching 288
- Chapter 21 289
- IPX Routing 289
- IPX Routing Overview 290
- Configuring IPX RIP & SAP 291
- IPX Addresses 292
- Configuring IPX Routing 293
- Enabling SAP 294
- Configuring Static Routes 294
- Monitoring an IPX Network 297
- Chapter 22 299
- Access Control List 299
- ACL Basics 300
- How ACL Rules are Evaluated 302
- Implicit Deny Rule 302
- Creating and Modifying ACLs 304
- Editing ACLs Offline 305
- Using ACLs 306
- Applying ACLs to Services 307
- Using ACLs as Profiles 308
- Enabling ACL Logging 313
- Monitoring ACLs 314
- Chapter 23 315
- Security 315
- Configuring RADIUS 316
- Configuring TACACS 317
- Configuring TACACS Plus 317
- Layer-2 Security Filters 319
- Layer-2 Filter Examples 323
- Chapter 24 331
- QoS Configuration 331
- Precedence for Layer-3 Flows 333
- XP Queuing Policies 333
- Configuring Layer-2 QoS 334
- 802.1p Priority Mapping 334
- Configuring IP QoS Policies 336
- Configuring IPX QoS Policies 337
- ToS Rewrite 339
- Monitoring QoS 342
- Limiting Traffic Rate 343
- Per-Flow Rate Limiting 344
- Port Rate Limiting 344
- Aggregate Rate Limiting 345
- Chapter 25 349
- Performance 349
- Monitoring Guide 349
- Monitoring Broadcast Traffic 351
- Chapter 26 353
- Configuring and Enabling RMON 354
- RMON Groups 355
- Control Tables 357
- Using RMON 358
- Configuring RMON Groups 359
- Displaying RMON Information 362
- RMON CLI Filters 363
- Troubleshooting RMON 365
- Allocating Memory to RMON 367
- Chapter 27 369
- LFAP Configuration 369
- Chapter 28 373
- WAN Configuration 373
- Configuring WAN Interfaces 374
- Forcing Bridged Encapsulation 376
- Packet Compression 376
- WAN Overview 377
- Packet Encryption 378
- WAN Quality of Service 378
- Frame Relay Overview 380
- Virtual Circuits 381
- Configuring PPP Interfaces 385
- Monitoring PPP WAN Ports 387
- PPP Port Configuration 388
- WAN Configuration Examples 389
- Router R1 Configuration File 391
- Router R2 Configuration File 391
- Router R3 Configuration File 392
- Router R4 Configuration File 392
- Router R5 Configuration File 393
- Router R6 Configuration File 393
Produits connexes et manuels pour Mise en réseau Cabletron Systems SSIM-R8-02
(190 pages)
(19 pages)
(396 pages)© 2020, manymanuals.fr. Tous droits réservés | 0.086 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels