[ Pobierz całość w formacie PDF ]
Ethertype (Type) filtering is the next level of filtering that the CDM checks if you are
not using security groups. The following hierarchy exists within Type filtering:
" IP only forwarding
If IP only is enabled, the CDM makes no further filtering decisions.
" Novell filtering
If Novell filtering is enabled, the CDM makes no further filtering decisions.
" Specific Type filter (Ethertype, DSAP, or SSAP)
If Type filtering is enabled, the CDM makes no further filtering decisions (i.e., IP
filtering).
Level Three: IP filtering
2131-0120 Rev 00 2-9
LCP Network Management Guide
If security groups and Type filtering are not enabled, the CDM checks to determine
whether IP filtering is enabled. It checks in the following order and makes no further
decision when it finds an IP filtering type enabled:
IP Address filtering
IP Port filtering
IP Protocol filtering
IP Options filtering
IGMP filtering
Subsequent sections describe Type and IP filtering. Refer to the previous section,
Security Groups, for information about security group filtering.
Setting Filtering Variables
The procedure for setting Type and IP filtering variables is the same for each filter. You
can create the filter using the LCn Access Server Filter Data option or through the Filters
menu in the SNMPc.
The next section describes using the LCn to set up filters. Each filtering section includes
the SNMPc procedure specific to that filter.
Setting Filter Values Using the LCn Filter Data Option
To create filters or specify filter variables using the LCn Access Server:
1. Access the LANcity Access Server Main Menu.
2. Click Filter Data. The Select Filter dialog box appears.
3. Click Add New. The Add New Filter dialog box appears.
4. Select the filter type you want and type a name for the new filter; then click Create.
The Add Filter window for the filter you selected appears, similar to the sample shown
in Figure 2-6.
2-10 2131-0120 Rev 00
Security Groups and Filtering
Figure 2-5 Sample LCn Add Filter Window
Most of the LCn Add Filter windows display the name you entered and the control
information at the top of the window.
5. Specify the variables for the filter you selected. Tables in subsequent sections describe
the variables associated with each filter.
Type Filtering
Type (Ethertype) filtering allows you to specify the type of Ethernet packets that can be
transmitted and received by a particular CDM. You can allow forwarding of only IP
protocol packets, all types of Novell packets, packets that are Ethertype, DSAP, or SSAP.
2131-0120 Rev 00 2-11
LCP Network Management Guide
Example
Considering the CDMs shown in Figure 2-1, suppose you wanted a particular CDM or
client in Hospital A, Hospital B, and the rehab facility to receive all information about the
latest in medical research and the key source of that information was from a company
using a Novell server. Using Type filtering, you could block all data packets other than
Novell to the specified clients.
Before you set up the filters, you may want to select one CDM that is configured with the
clients. Also, apply the filter to the client CDMs only. The following procedure illustrates
how you set the variables for the example.
To enable Type filtering:
1. Access the SNMPc desktop.
2. Select client CDMs for which you want to create a filter.
3. Choose Manage>LCP/LCb V3.xx And Up>Configuration>Filters>
Type Filter Control. The Type Filter Control Information window (Figure 2-7)
appears.
Figure 2-6 Type Filter Control Information Window
4. Select On in the Control box to enable Type filtering, then click Set.
5. Select Off in the IPOnly box, then click Set.
6. Select Block to block Novell traffic. If Control is set to On and IP Only is set to on,
you should select Block, then click Set.
7. Select Pass in the Novell box, then click Set.
8. Click Block in the Action on No Match box to prevent the passing of non-Novell
packets, then click Set.
2-12 2131-0120 Rev 00
Security Groups and Filtering
9. Click Set All to store your entry.
10. Click Done to return to the SNMPc desktop.
You do not need to make Type Filter table entries because you enable Novell filtering on
the Control window. If you were enabling a specific Ethertype, DSAP, or SSAP filter, you [ Pobierz całość w formacie PDF ]
zanotowane.pl doc.pisz.pl pdf.pisz.pl szkicerysunki.xlx.pl
Ethertype (Type) filtering is the next level of filtering that the CDM checks if you are
not using security groups. The following hierarchy exists within Type filtering:
" IP only forwarding
If IP only is enabled, the CDM makes no further filtering decisions.
" Novell filtering
If Novell filtering is enabled, the CDM makes no further filtering decisions.
" Specific Type filter (Ethertype, DSAP, or SSAP)
If Type filtering is enabled, the CDM makes no further filtering decisions (i.e., IP
filtering).
Level Three: IP filtering
2131-0120 Rev 00 2-9
LCP Network Management Guide
If security groups and Type filtering are not enabled, the CDM checks to determine
whether IP filtering is enabled. It checks in the following order and makes no further
decision when it finds an IP filtering type enabled:
IP Address filtering
IP Port filtering
IP Protocol filtering
IP Options filtering
IGMP filtering
Subsequent sections describe Type and IP filtering. Refer to the previous section,
Security Groups, for information about security group filtering.
Setting Filtering Variables
The procedure for setting Type and IP filtering variables is the same for each filter. You
can create the filter using the LCn Access Server Filter Data option or through the Filters
menu in the SNMPc.
The next section describes using the LCn to set up filters. Each filtering section includes
the SNMPc procedure specific to that filter.
Setting Filter Values Using the LCn Filter Data Option
To create filters or specify filter variables using the LCn Access Server:
1. Access the LANcity Access Server Main Menu.
2. Click Filter Data. The Select Filter dialog box appears.
3. Click Add New. The Add New Filter dialog box appears.
4. Select the filter type you want and type a name for the new filter; then click Create.
The Add Filter window for the filter you selected appears, similar to the sample shown
in Figure 2-6.
2-10 2131-0120 Rev 00
Security Groups and Filtering
Figure 2-5 Sample LCn Add Filter Window
Most of the LCn Add Filter windows display the name you entered and the control
information at the top of the window.
5. Specify the variables for the filter you selected. Tables in subsequent sections describe
the variables associated with each filter.
Type Filtering
Type (Ethertype) filtering allows you to specify the type of Ethernet packets that can be
transmitted and received by a particular CDM. You can allow forwarding of only IP
protocol packets, all types of Novell packets, packets that are Ethertype, DSAP, or SSAP.
2131-0120 Rev 00 2-11
LCP Network Management Guide
Example
Considering the CDMs shown in Figure 2-1, suppose you wanted a particular CDM or
client in Hospital A, Hospital B, and the rehab facility to receive all information about the
latest in medical research and the key source of that information was from a company
using a Novell server. Using Type filtering, you could block all data packets other than
Novell to the specified clients.
Before you set up the filters, you may want to select one CDM that is configured with the
clients. Also, apply the filter to the client CDMs only. The following procedure illustrates
how you set the variables for the example.
To enable Type filtering:
1. Access the SNMPc desktop.
2. Select client CDMs for which you want to create a filter.
3. Choose Manage>LCP/LCb V3.xx And Up>Configuration>Filters>
Type Filter Control. The Type Filter Control Information window (Figure 2-7)
appears.
Figure 2-6 Type Filter Control Information Window
4. Select On in the Control box to enable Type filtering, then click Set.
5. Select Off in the IPOnly box, then click Set.
6. Select Block to block Novell traffic. If Control is set to On and IP Only is set to on,
you should select Block, then click Set.
7. Select Pass in the Novell box, then click Set.
8. Click Block in the Action on No Match box to prevent the passing of non-Novell
packets, then click Set.
2-12 2131-0120 Rev 00
Security Groups and Filtering
9. Click Set All to store your entry.
10. Click Done to return to the SNMPc desktop.
You do not need to make Type Filter table entries because you enable Novell filtering on
the Control window. If you were enabling a specific Ethertype, DSAP, or SSAP filter, you [ Pobierz całość w formacie PDF ]