Cabletron Systems CSX1000 Manual Do Utilizador

USER’S GUIDE

256 CyberSWITCH

XAMPLE

IP F

ILTER

ONFIGURATION

This example provides a simple filtering scenario in which a corporate LAN utilizes a
CyberSWITCH to provide WAN access to both dial-in devices as well as the global Internet. A
Netserver resides on the LAN to provide configuration support for the CyberSWITCH. Also on the
LAN are an anonymous FTP server and a WWW server.

The following are the requirements/restrictions to be addressed by IP filters:
•

No outside access allowed to the Netserver or the CyberSWITCH.

•

The FTP and WWW servers must be accessible from anywhere.

•

Corporate hosts (including dial-in devices) may initiate TCP-based sessions with the Internet,
but not vice-versa. This covers the main IP applications such as TELNET, FTP, SMTP server
and HTTP. An assumption for FTP is that the client program supports the “PASV” option, in
which the data-transfer TCP connection is initiated by the client.

•

No UDP traffic.

The interface to the Internet is via a numbered IP interface, which has the following filter applied
to its Input stage. Using a final action of DISCARD, the strategy for the filter is to restrict everything
but an explicitly permitted set of traffic.

128.131.25.10

128.131.25.12

128.131.25.11

128.131.25.15

193.57.50.1

Remote User

Internet

FTP

Server

SFVRA

Manager

WWW

Server

Host

ISDN

CSX1200

POWER

SERVICE

10BASE - T

LAN B-CHANNELS E1 ONLY

B2 B4

B6 B8

B26 B28

B22 B24

B18 B20

B14 B16

B10 B12

B30 L1

B1 B3

B5 B7

B25 B27

B21 B23

B17 B19

B13 B15

B9 B11

B29 B31