Security Policies - Apollo VioNet 3000 series User Manual And Instruction Manual

IP.070 The IP routing cache entry for the listed destination has been cleared.
IP.072 This message is generated when an attempt is made to forward an IP packet that was received as a link
level broadcast/multicast. Such packets are not forwarded, and are discarded without even sending back an
ICMP message to the source.
IP.073 This message is generated when an attempt is made to copy a packet for one of the router's internal
applications (e.g., during multicast forwarding), and the router is unable to get a buffer. The requested
service then fails.
IP.078 This message is generated when a IP packet matches none of the access control records. The packet will
be dropped.
IP.079 This message is generated when a IP packet matches none of the access control records. The packet will
be dropped.
IP.080 A new router has been discovered, either through static configuration, an ICMP redirect, RIP or ICMP router
discovery. This message is produced only when running as an IP host (i.e., when IP routing disabled).
IP.081 An IP address was configured for a type of network which currently doesn't support IP.
IP.082 This message is generated when a packet's indicated length is below the minimum possible length. The
packet is discarded.
Cause Most likely, this packet has been incorrectly formatted by the source.
IP.083 This message is generated when a IP packet matches one of the exclusive access control entries. The
packet will be dropped. The record_number is the number of the access control record matched, or zero for
no record (end-of-list). The cache_status will be ''cache-hit'' or ''cache-miss''.
IP.084 This message is generated when a IP packet matches one of the inclusive access control entries. The
packet may be forwarded. The record_number is the number of the access control record matched. The
cache_status will be ''cache-hit'' or ''cache-miss''.
IP.085 This message is generated when a IP packet matches one of the TCP or UDP exclusive access control
entries. The packet will be dropped. The record_number is the number of the access control record
matched, or zero for no record (end-of-list). The cache_status will be ''cache-hit'' or ''cache-miss''.
IP.086 This message is generated when a IP packet matches one of the TCP or UDP inclusive access control
entries. The packet may be forwarded. The record_number is the number of the access control record
matched. The cache_status will be ''cache-hit'' or ''cache-miss''.
IP.087 Message is generated when a IP packet does not match the access-group per-interface access control list.
9.2

Security Policies

9.2.1 Access Lists
The routers use access control lists (ACL) to identify traffic passing through them.
The access lists can filter the packet or routes flow passing through the router interfaces.
An IP access list is a sequential list of permission or negation conditions which are applied to source or
destination IP addresses, source or destination ports or to higher layer IP protocols such as IP, TCP etc.
These can separate the traffic into different queues according to priority.
Types of access lists:
Standard (1 – 99): checks the source addresses of those packets requesting routing.
Extended (100 – 1999): checks both the source and destination addresses of each packet. This can also
verify specific protocols, number of ports and other parameters.
The access lists can be applied at both the input (so avoiding router overload) as well as the output.
An access control list itself does not imply a filter to limit the packet flow in the router. The Access Control
Lists must be associated to a protocol. The protocol used by an Access Control List is used as a tool
permitting traffic filters to be established.
The Access Control Lists indicate to the associated protocol the entry search results. The reception search
result for a packet can be:
Page 132
Apollo Video Technology
th
Avenue Southeast – Bothell, WA 98021-8990
24000-35
Toll Free: 888-AVT-USA1; Tel: 425.483.7100; Fax: 425.483.7200
www.apollovideo.com