Lucent Technologies 6000 User Manual


MAX 6000/3000 Network Configuration Guide

Defining Static Filters
Defining IP filters

Configure the output filter, setting Type to IP filter and setting Forward to Yes. This filter
specifies the source mask and address for the local network. (Packets originating on the local
network should be forwarded across the WAN.)

Output filters...
Out filter=01
Type=IP
Valid=Yes
IP....
Forward=Yes
Src Mask=255.255.255.192
Src Adrs=10.100.50.128

Following is a comparable RADIUS filter definition:

test-user Password="test-pw"
    Ascend-Data-Filter="ip in drop srcip 10.100.50.128/26",
    Ascend-Data-Filter="ip in drop srcip 127.0.0.0/8",
    Ascend-Data-Filter="ip in forward",
    Ascend-Data-Filter="ip out forward srcip 10.100.50.128/26"
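
The following Python sketch is an added example, not part of the Lucent manual or of the MAX software. It shows how the menu-style Src Mask/Src Adrs pair maps to the /26 notation in the RADIUS definition, and how the four filter strings above treat packets by direction and source address. The function names are hypothetical, only the syntax subset shown on this page is parsed, and first-match-wins evaluation with a drop when no filter matches is an assumption.

```python
import ipaddress

# Filter strings copied from the RADIUS profile above, in profile order.
PROFILE = [
    "ip in drop srcip 10.100.50.128/26",
    "ip in drop srcip 127.0.0.0/8",
    "ip in forward",
    "ip out forward srcip 10.100.50.128/26",
]

def menu_to_radius(direction, forward, src_mask, src_adrs):
    """Render menu-style Src Mask / Src Adrs values as a filter string."""
    # Strict parsing raises ValueError if the address has bits outside the mask.
    net = ipaddress.ip_network(f"{src_adrs}/{src_mask}")
    action = "forward" if forward else "drop"
    return f"ip {direction} {action} srcip {net.with_prefixlen}"

def parse(rule):
    """Parse only the syntax subset visible on this page."""
    tok = rule.split()
    ok = (len(tok) in (3, 5) and tok[0] == "ip" and tok[1] in ("in", "out")
          and tok[2] in ("forward", "drop")
          and (len(tok) == 3 or tok[3] == "srcip"))
    if not ok:
        raise ValueError(f"unsupported filter: {rule!r}")
    src = ipaddress.ip_network(tok[4]) if len(tok) == 5 else None
    return tok[1], tok[2], src

def decide(rules, direction, src_ip, default="drop"):
    """Return the action of the first filter matching direction and source.

    Assumptions: first match wins, and a packet matching no filter
    is dropped.
    """
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        rule_dir, action, src = parse(rule)
        if rule_dir == direction and (src is None or addr in src):
            return action
    return default

if __name__ == "__main__":
    # Constructed sample packets: (direction, source address)
    for pkt in [("in", "10.100.50.130"), ("in", "127.0.0.1"),
                ("in", "192.0.2.10"), ("out", "10.100.50.190"),
                ("out", "10.100.50.200")]:
        print(pkt, "->", decide(PROFILE, *pkt))
```

Inbound packets that claim a local-network or loopback source are dropped before the general "ip in forward" filter is reached, which is why the order of the filters matters.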

Examples of an IP filter for more complex security issues

This section illustrates some of the issues you might need to consider when writing your own
IP filters. However, the sample filter presented here does not address the fine points of network
security. You might want to use this filter as a starting point and augment it to address your
security requirements.

In this example, the local network supports a Web server, and the administrator needs to carry
out the following tasks:

• Provide dial-in access to the server’s IP address
• Restrict dial-in traffic to all other hosts on the local network

However, many local IP hosts need to dial out to the Internet and use IP-based applications
such as Telnet or FTP, so their response packets need to be directed appropriately to the
originating host. In this example, the Web server’s IP address is 10.9.250.5. The filter will be
applied in Connection profiles as a data filter.

Configure the first input filter, setting Type to IP Filter and setting Forward to Yes. Configure
the first filter to allow packets to reach the Web server’s destination address at a destination
TCP port that can be used for Telnet or FTP:

Input filters...
In filter=01
Type=IP
Valid=Yes
IP....
Forward=Yes
Protocol=6
Dst Mask=255.255.255.255
Dst Adrs=10.9.250.5
Dst Port Comp=Eql
Dst Port #=80
