Avaya P580 User Manual page 413

Multiservice switches

How Packets are Processed
What are Wildcards?
What is TCP Established?
Document No. 650-100-700, Issue 1
Numbers 100 through 199 are reserved for Extended type Rules
ONLY. So, for example, if you try to create a Standard Rule whose
ACL Name is 100, it will be rejected.
ACL names that contain any alphabetic character can be either
Standard or Extended.
You cannot mix ACL types in a list. This means that if you create an
ACL with a Standard Rule with ACL Name Test1, you cannot create
an Extended Rule in ACL Test1. If you do, you will receive the
following message:
Access Rule Name is already being used by the other type.
Choose a different name and try again
Assuming an ACL is active, when a packet arrives on the Avaya
Multiservice switch, the parameters in the packet are compared to the
parameters in the Access Rule with the lowest index number first. If
there is a match, that rule is applied to the packet and the search stops.
If the 5-tuples of the packet and the rule do not match, the rule with the
next higher index is compared. This process continues until a match is
found or there are no more rules. There is an implied permit all at the end
of every list. Therefore, if no match is found, the packet is forwarded with
the priority unchanged.
A wildcard is a template that governs which part of an IP address is
significant when evaluating a rule. When you create a rule based on source
or destination IP address, you must also specify the Wildcard.
Wildcards are, in principle, the same as a subnet mask. The differences are
that you invert the mask's bits and that the bits are not required to be
contiguous. For example, a decimal wildcard of 0.255.0.255 is allowed.
For example, if you want to create a rule that blocks all traffic on the
192.168.24.0 (subnet mask 255.255.255.0) network, you would specify a
Wildcard of 0.0.0.255 in the rule.
If you wanted to block traffic from a specific host whose IP address was
192.168.24.143 (subnet mask 255.255.255.0), you would specify a Wildcard
of 0.0.0.0. This mask "tells" the supervisor to evaluate the entire IP address
when evaluating a packet against the rule.
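The lowest-index-first lookup and the inverted-mask wildcard comparison described above can be modeled offline to audit a rule list before it is applied. This is an added example, not code from the Avaya manual. The Rule fields, the "permit"/"deny" action names and the sample rules are assumptions, and it compares the source address only rather than the full 5-tuple.

```python
import ipaddress
from dataclasses import dataclass

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

@dataclass(frozen=True)
class Rule:
    index: int      # lower index is compared first
    action: str     # "permit" / "deny": assumed names, not the switch's own
    addr: str       # source address written in the rule
    wildcard: str   # 1 bits are ignored, 0 bits must match

    def matches(self, src):
        care = ~to_int(self.wildcard) & 0xFFFFFFFF  # significant bits
        return (to_int(src) & care) == (to_int(self.addr) & care)

def evaluate(rules, src):
    """First match wins; an index of None means the implied permit all was hit."""
    for rule in sorted(rules, key=lambda r: r.index):
        if rule.matches(src):
            return rule.action, rule.index
    return "permit", None

def shadowed(rules):
    """Indexes of rules that can never match: a lower-index rule covers them."""
    ordered = sorted(rules, key=lambda r: r.index)
    hidden = []
    for pos, later in enumerate(ordered):
        for earlier in ordered[:pos]:
            # earlier covers later when it ignores every bit later ignores
            # and agrees with later on the bits earlier still checks
            extra = to_int(later.wildcard) & ~to_int(earlier.wildcard)
            if extra == 0 and earlier.matches(later.addr):
                hidden.append(later.index)
                break
    return hidden

# Constructed sample list, reusing the addresses from the text above
RULES = [
    Rule(1, "deny", "192.168.24.143", "0.0.0.0"),    # one host
    Rule(2, "permit", "192.168.24.0", "0.0.0.255"),  # whole 192.168.24.0 network
    Rule(3, "deny", "192.168.24.200", "0.0.0.0"),    # unreachable: rule 2 wins
    Rule(4, "deny", "10.0.5.0", "0.255.0.255"),      # non-contiguous: 10.x.5.y
]

if __name__ == "__main__":
    for src in ("192.168.24.143", "192.168.24.200", "10.77.5.9", "10.77.6.9"):
        print(src, evaluate(RULES, src))
    print("shadowed rule indexes:", shadowed(RULES))
```

Rule 3 is reported as shadowed because the broader rule at index 2 matches the same host first, which is the ordering mistake to look for when a host-specific rule is added after a network-wide one.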
TCP Established is a criterion applied by a rule in which the "Acknowledge"
bit in a TCP header is examined. If this option is not "checked", the rule will
apply to packets whose Acknowledge bit is clear (0). If the option is
checked, packets that have the Acknowledge bit set will be affected by the
rule.
Configuring Access Lists
13-3


This manual is also suitable for:

P882
