How packets are processed, What are wildcards, What is tcp established – Avaya P580 User Manual

Avaya P550R, P580, P880, and P882 Multiservice Switch User Guide, v5.3.1

Configuring IP Routing

How Packets are Processed

Assuming an ACL is active, when a packet arrives on the Avaya
Multiservice switch, the parameters in the packet are compared to
the parameters in the Access Rule starting with the lowest index
number. If there is a match, that rule is applied to the packet and the
search stops.

If the 5-tuples of the packet and rule do not match, the next (higher
index) rule is compared. This process continues until a match is
found, or there are no more rules. There is an implied permit all at
the end of every list. Therefore, if no match is found, the packet is
forwarded with the priority unchanged.

What are Wildcards?

A wildcard is a template that governs which part of an IP address is
significant when evaluating a rule. When you create a rule based on
source or destination IP address, you must also specify the Wildcard.

Wildcards are, in principle, the same as a subnet mask. The
differences are that you invert the mask’s bits and there is no
requirement for contiguous bits. For example, a decimal wildcard of
0.255.0.255 is allowed.

For example, if you want to create a rule that blocks all traffic on the
192.168.24.0 (subnet mask 255.255.255.0) network, you would
specify a Wildcard of 0.0.0.255 in the rule.

If you wanted to block traffic from a specific host whose IP address
was 192.168.24.143 (subnet mask 255.255.255.0) you would
specify a Wildcard of 0.0.0.0. This mask “tells” the supervisor to
evaluate the entire IP address when evaluating a packet against the
rule.
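
The wildcard comparison and the lowest-index-first search described above can be sketched as follows. This is an added example, not code from the Avaya manual or the switch; the rule list, the tuple layout, and the "permit"/"deny" action names are assumptions made for illustration, and only the source address of the 5-tuple is evaluated.

```python
import ipaddress

def wildcard_match(addr, rule_addr, wildcard):
    """True when addr equals rule_addr on every bit the wildcard marks significant (0)."""
    a = int(ipaddress.IPv4Address(addr))
    r = int(ipaddress.IPv4Address(rule_addr))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF  # wildcard 0-bits are compared, 1-bits are ignored
    return (a & care) == (r & care)

def mask_to_wildcard(mask):
    """Invert a subnet mask's bits, e.g. 255.255.255.0 -> 0.0.0.255."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(inverted))

def evaluate(rules, src):
    """Compare rules from the lowest index up; the first match wins and the search stops."""
    for index, rule_addr, wildcard, action in sorted(rules):
        if wildcard_match(src, rule_addr, wildcard):
            return index, action
    return None, "permit"  # implied permit all at the end of every list

# Constructed sample rules: (index, source address, wildcard, action).
# Action names are assumed; the manual only speaks of blocking and permitting.
RULES = [
    (20, "192.168.24.0", "0.0.0.255", "deny"),    # whole 192.168.24.0 network
    (10, "192.168.24.143", "0.0.0.0", "permit"),  # one host, every bit significant
    (30, "10.0.7.0", "0.255.0.255", "deny"),      # non-contiguous wildcard
]

if __name__ == "__main__":
    for src in ("192.168.24.143", "192.168.24.9", "10.200.7.5", "172.16.0.1"):
        print(src, evaluate(RULES, src))
```

Rule order decides the outcome: with the host rule at index 10, the network-wide rule at index 20 is never compared against 192.168.24.143, and a source that matches no rule is forwarded by the implied permit all.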

What is TCP Established?

TCP Established is a criterion applied by a rule in which the
“Acknowledge” bit in a TCP header is examined. If this option is not
“checked”, the rule will apply to the packets whose Acknowledge bit
is clear (0). If the option is checked, packets that have the
Acknowledge bit set will be affected by the rule.

The Acknowledge bit in the TCP header, when 0, indicates that the
packet is an initial “call” to the destination. The host sending the
message will clear the bit (0). The host that responds to the message
will set the bit (1), indicating this message is a response. Effectively,
the call is now “Established”. All subsequent packets between these
two hosts for this session will have the Acknowledge bit set.

For example: Suppose the Avaya Multiservice switch has interfaces
to “Outside” networks as well as interfaces to “Inside” networks. The
