Technical data
Table Of Contents
- Preface
- Introduction
- Chapter 1. Advanced Topics
- Chapter 2. Planning For Router Configuration
- Important Terminology
- Collect your Configuration Information
- PPP Link Protocol (over ATM or Frame Relay)
- IP Routing Network Protocol
- IPX Routing Network Protocol
- Bridging Network Protocol
- RFC 1483 / RFC 1490 Link Protocols
- IP Routing Network Protocol
- IPX Routing Network Protocol
- Bridging Network Protocol
- MAC Encapsulated Routing: RFC 1483MER / RFC 1490MER Link Protocols
- IP Routing Network Protocol
- FRF8 Link Protocol
- IP Routing Network Protocol
- Dual Ethernet Router Configuration
- General Information
- Configuring the Dual Ethernet Router as a Bridge
- Configuring the Dual Ethernet Router for IP Routing
- Chapter 3. Configuring Router Software
- Configuration Tables
- Configuring PPP with IP Routing
- Configuring PPP with IPX Routing
- Configuring PPP with Bridging
- Configuring RFC 1483 / RFC 1490 with IP Routing
- Configuring RFC 1483 / RFC 1490 with IPX Routing
- Configuring RFC 1483 / RFC 1490 with Bridging
- Configuring MAC Encapsulated Routing: RFC 1483MER / RFC 1490MER with IP Routing
- Configuring FRF8 with IP Routing
- Configuring Mixed Network Protocols
- Configuring a Dual Ethernet Router for IP Routing
- Verify the Router Configuration
- Sample Configurations
- Sample Configuration 1 — PPP with IP and IPX
- Scenario
- Sample Configuration 1 — Diagram for Target Router (SOHO)
- Sample Configuration 1 — Tables For Target Router (SOHO)
- Sample Configuration 1 - Check the Configuration with the “list” Commands
- Information About Names And Passwords
- Sample Configuration 2 — RFC 1483 with IP and Bridging
- Scenario
- Sample Configuration 2 — Diagram for Target Router SOHO
- Sample Configuration 2 — Tables For Target Router (SOHO)
- Sample Configuration 2 - Check the Configuration with the “list” Commands
- Sample Configuration 3 — Configuring a Dual Ethernet Router for IP Routing
- Scenario
- Configuration Tables
- Chapter 4. Configuring Special Features
- Bridging Filtering and IP Firewall
- IP (RIP) Protocol Controls
- DHCP (Dynamic Host Configuration Protocol)
- General Information
- Manipulating Subnetworks and Explicit Client Leases
- Enabling/disabling a subnetwork or a client lease
- Adding subnetworks and client leases
- Setting the lease time
- Manually changing client leases
- Setting Option Values
- Concepts
- Commands for global option values
- Commands for specific option values for a subnetwork
- Commands for specific option values for a client lease
- Commands for listing and checking option values
- BootP
- About BootP and DHCP
- Enable/Disable BootP
- Use BootP to specify the boot server
- Defining Option Types
- Concepts
- Commands
- Configuring BootP/DHCP Relays
- Other Information
- NAT (Network Address Translation)
- Management Security
- Software Options Keys
- Encryption
- IP Filtering
- L2TP Tunneling - Virtual Dial-Up
- Introduction
- L2TP Concepts
- LNS, L2TP Client, LAC, and Dial User
- L2TP Client Example
- LNS and L2TP Client Relationship
- Tunnels
- Sessions
- Configuration
- Preliminary Steps to Configure a Tunnel
- Verification Steps
- Configuration Commands
- PPP Session Configuration
- Sample Configurations
- Simple L2TP Client Configuration Example
- Complete LNS and L2TP Client Configuration Example
- Configuration Process
- Chapter 5. Command Line Interface Reference
- Command Line Interface Conventions
- System Level Commands
- Router Configuration Commands
- Target Router System Configuration Commands (SYSTEM)
- Target Router Ethernet LAN Bridging and Routing (ETH)
- Remote Router Access Configuration (REMOTE)
- Asymmetric Digital Subscriber Line Commands (ADSL)
- Asynchronous Transfer Mode Commands (ATM)
- Dual Ethernet Router Commands (ETH)
- General information
- High-Speed Digital Subscriber Line Commands (HDSL)
- General information about HDSL
- ISDN Digital Subscriber Line (IDSL)
- General information about IDSL
- Symmetric Digital Subscriber Line Commands (SDSL)
- General information about SDSL
- Dynamic Host Configuration Protocol Commands (DHCP)
- L2TP — Virtual Dial-Up Configuration (L2TP)
- Bridging Filtering Commands (FILTER BR)
- Save Configuration Commands (SAVE)
- Erase Configuration Commands (ERASE)
- File System Commands
- Chapter 6. Managing the Router
- Simple Network Management Protocol (SNMP)
- TELNET Remote Access
- Client TFTP Facility
- TFTP Server
- BootP Server
- Boot Code
- Manual Boot Menu
- Access Manual Boot Mode
- Option 1: Retry Start-up
- Option 2: Boot from FLASH Memory
- Option 3: Boot from Network
- Option 4: Boot from Specific File
- Option 5: Configure Boot System
- Option 6: Set Time and Date
- Option 7: Set Console Baud Rate
- Option 8: Start Extended Diagnostics
- Identifying Fatal Boot Failures
- Software Kernel Upgrades
- Backup and Restore Configuration Files
- FLASH Memory Recovery Procedures
- Recovering Passwords and IP Addresses
- Batch File Command Execution
- Chapter 7. Troubleshooting
- Appendix A. Network Information Worksheets
- Configuring PPP with IP Routing
- Configuring PPP with IPX Routing
- Configuring PPP with Bridging
- Configuring RFC 1483 / RFC 1490 with IP Routing
- Configuring RFC 1483 / RFC 1490 with IPX Routing
- Configuring RFC 1483 / RFC 1490 with Bridging
- Configuring RFC 1483MER / RFC 1490MER with IP Routing
- Configuring FRF8 with IP Routing
- Configuring a Dual Ethernet Router for IP Routing
- Appendix B. Configuring IPX Routing
- Index
98
IP Filtering
Note: Filtering is a software option. The following section applies only for routers with this option
.
IP Filtering is a type of Firewall used to control network traffic: the process involves filtering packets received
from one interface then and deciding whether to route them to another interface or discard them.
When filtering packets, the router examines information such as the source and destination address contained in
the IP packet, the type of connection, etc., and then screens (filters) the packets based on this information: packets
are either allowed to be forwarded from one interface to another interface or simply discarded.
IP filtering requires IP routing to be enabled. This type of filtering offers great flexibility and control of IP filters,
but configuration of this feature requires using a series of commands that may appear complex to a casual user.
Filters and Interfaces
Filters are commands used to screen IP packets: packets are simply matched against a series of filters. As a result
of this process, the packets are either allowed to come through the interface/link or are dropped. If no filter
“matches” the incoming packet, the packet is accepted by default.
Filters “operate” at the interface level. Each particular interface has a series of IP filters associated with it and is
defined by 3 types of filters: Input filters, Output filters, and Forward filters. A list of filters is created for each
interface. The following illustrates the filter process.
In the following description of the Input, Forward, and Output phases, the reference numbers associated with
filtering steps match the numbers used in the above illustration.
Input Phase
Output Phase
Forward Phase
Input
Filter
N
A
T
1 2
IP-ES
ICMP
Redirect
Forward
Filters
IP Routing
Table
3
Output
Filter
N
A
T
4 5
Forward filters on
the input interface
Forward filters on
the output interface
Routing
Table
Processing