Avocent Access Router Cyclades-PR1000 User Manual

Cyclades-PR1000
Chapter 12 - Filters and Rules
The configuration for “Stop forged packets” is shown in the following listing:
Rules Lists
Rule List Name          Rule      Default   List      Linked
                        Status    Scope     Type      Rule List
Slot1_in                Enabled   Permit    Filter
--------------------------------------------------------------------------------
FILTER_LIST NAME: Slot1_in
## PROT OP  Source IP Address                OP   SRC PORT  CNX ACC LOG SC STA
            Destination IP Address                DST PORT
0   -   ==  192.168.0.0     255.255.0.0      --              Y   N   -  D  EN
        --                                   --
Slot1_in, rule 0, prohibits any incoming packets with source IP addresses of the internal network. Since the
addresses used for internal networks cannot be routed on the Internet, they cannot be valid unless there is a leak
of traffic through another router to the perimeter network.
Imagine that, as shown in the figure, the network is expanded and another range of IP addresses is used (not a
sub-network). Rule 0 in the list Slot1_in will not protect this network. Either another rule can be added to this
list, or the new router can filter packets into its area (or both).
Traffic Rule Lists
There are three kinds of traffic rules that can be configured in CyROS.  The first two determine a division of bandwidth
for traffic flowing out of the router: