Table of Contents
Advertisement
Prestige 1600 Universal Access Concentrator
enabled, the inside IP address and port number are replaced on a connection-by-connection basis, which makes it
impossible to know the exact address and port on the wire. Therefore, the Prestige applies the protocol filters to the
"native" IP address and port number before NAT for outgoing packets and after NAT for incoming packets. On the
other hand, the generic, or device filters are applied to the raw packets that appear on the wire. They are applied at
the point when the Prestige is receiving and sending the packets; i.e. the interface. The interface can be an Ethernet
port or any other hardware port. The following diagram illustrates this.
Figure 10-5 Protocol and Device Filter Sets
To speed up filtering, all rules in a filter set must be of the same type, i.e., Protocol filters or Device filters. The
class of a filter set is determined by the first rule that you create. When applying the filter sets to a port, separate
menu fields are provided for protocol and device filter sets. If you include a protocol filter set in a device filters
field or vice versa, the Prestige will warn you and will not allow you to save.
10.5.1 TCP/IP Filter Rule
This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields
in the IP and the upper layer protocol, e.g., UDP and TCP, headers.
To configure a TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press Enter to open Menu
21.1.1 - TCP/IP Filter Rule, as shown next.
Filter Configuration
10-6
Advertisement
Table of Contents
Troubleshooting
