User's Manual
Step 2 Deny TCP traffic from 60.0.0.0/255.255.255.0 to 192.168.10.0/255.255.255.0 with port range 1-1023.
(JadeOS) (config-std-test-extended)# deny tcp 60.0.0.0 255.255.255.0 192.168.10.0 255.255.255.0 range 1 1023
Step 3 Permit all TCP port 80 traffic to 192.168.10.0/255.255.255.0.
(JadeOS) (config-std-test-extended)# permit tcp any 192.168.10.0 255.255.255.0 eq 80
7.1.3 Session ACL
A session ACL specifies an action of 'deny' or 'drop'; its match criteria are protocol number, source IP address or network segment, destination IP address or network segment, and a range of port numbers. Because a session is identified by five elements (protocol, source IP address, source port number, destination IP address, destination port number), a session ACL can track every packet of that session, which is what makes stateful functions such as SNAT and DNAT possible.
Session ACLs are used to control user authentication. Please refer to Chapter 9 for more information.
Step 1 Create a session ACL named test-session.
(JadeOS) (config)# ip access-list standard test-session
Step 2 Translate all traffic from 192.168.20.0/255.255.255.0 by SNAT, using the NAT pool NAT_POOL. (Please refer to Section 7.3 for how to create a NAT pool.)
(JadeOS) (config-std-test-extended)# network 192.168.20.0 255.255.255.0 any any src-nat pool NAT_POOL
Step 3 Translate all traffic from 192.168.30.0/255.255.255.0 to address 10.10.10.134 by DNAT.
(JadeOS) (config-std-test-extended)# network 192.168.30.0 255.255.255.0 any any dst-nat ip 10.10.10.134
7.2 Session
JadeOS maintains a session table entry for each session. A session is identified by five elements (protocol, source IP address, source port number, destination IP address, destination port number). When the system receives the first packet of a session, it creates a session table entry for it; every subsequent packet of that session is then handled consistently by JadeOS, for example, under SNAT the NAT function translates them all to the same address. When the session terminates (for example, a TCP FIN message is observed) or times out (no traffic for a long period), the session table entry is deleted.
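The session ACL entries from Steps 2 and 3 of 7.1.3 and the session-table behaviour of 7.2, modelled as an added Python example (constructed for this page; not JadeOS code). The pool addresses, round-robin pool selection and the 60-second idle timeout are assumptions; the point it shows is that the ACL is consulted only on the first packet, and the translation is then fixed for the life of the five-tuple session until a TCP FIN or idle timeout removes it.

```python
import ipaddress

# Constructed model (not JadeOS code) of the session ACL from 7.1.3 and the
# five-tuple session table from 7.2; pool contents and timeout are assumed.
class SessionTable:
    IDLE_TIMEOUT = 60.0   # assumed idle timeout, in seconds

    def __init__(self, rules, pools):
        # rules: ordered list of (source network, "src-nat"|"dst-nat", pool name or address)
        self.rules = [(ipaddress.ip_network(n), a, t) for n, a, t in rules]
        self.pools, self.table = pools, {}
        self._rr = {name: 0 for name in pools}   # round-robin cursor per pool

    def _from_pool(self, name):
        addrs = self.pools[name]
        addr = addrs[self._rr[name] % len(addrs)]
        self._rr[name] += 1
        return addr

    def _lookup_acl(self, src_ip):
        # first matching rule wins, as in an ordered ACL; no match means no NAT
        for net, action, target in self.rules:
            if ipaddress.ip_address(src_ip) in net:
                return (action, self._from_pool(target) if action == "src-nat" else target)
        return None

    def handle(self, proto, src_ip, src_port, dst_ip, dst_port, now, fin=False):
        """Process one packet; returns the (action, address) bound to its session, or None."""
        # expire entries idle longer than the timeout before looking up this packet
        for k in [k for k, s in self.table.items() if now - s["last"] > self.IDLE_TIMEOUT]:
            del self.table[k]
        key = (proto, src_ip, src_port, dst_ip, dst_port)   # the five elements of 7.2
        sess = self.table.get(key)
        if sess is None:
            # first packet of the session: consult the session ACL once and cache the result,
            # so every later packet of this session gets the same translation
            sess = self.table[key] = {"nat": self._lookup_acl(src_ip), "last": now}
        sess["last"] = now
        if proto == "tcp" and fin:
            del self.table[key]   # TCP FIN observed: the session is terminated
        return sess["nat"]

# The two session ACL entries from Steps 2 and 3; pool addresses are constructed.
RULES = [("192.168.20.0/24", "src-nat", "NAT_POOL"),
         ("192.168.30.0/24", "dst-nat", "10.10.10.134")]
POOLS = {"NAT_POOL": ["203.0.113.10", "203.0.113.11"]}
```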