Ascend Archive

(ASCEND) MAXTNT Filter Problem



-- 


It's easier to make a working system efficient than
to make an efficient system work.

*************************************************** 

K.R.Kumar                   email:krkumar@pacific.net.sg
Pacific Internet Pte Ltd.,  Phone:872 0322
89 Science Park Drive       Fax  :773 6812
#04-09 / 12 The Rutherford,
Singapore Science Park,
Singapore - 118261.

***************************************************
Hello everyone,

We are trying to apply a filter to one of our MAX TNTs 
(running OS 1.3A). After setting the filter we can't even ping our 
gateway. We can ping only the Ethernet interface of the MAX TNT.


   MAX TNT  --------   Cisco Switch   ------ Router


Any help is much appreciated.




The filter conditions are very simple and straightforward:

a) Allow only one subnet range to telnet into the MAX TNT.
b) IP spoofing: allow only packets whose source address is a WAN pool IP 
   to pass through the MAX TNT.


***  IP Interface ***

dmin> read ip-int {{ 1 2 5}0}
IP-INTERFACE/{ { shelf-1 slot-2 5 } 0 } read
admin> list
interface-address* = { { shelf-1 slot-2 5 } 0 }
ip-address = 10.10.90.10/24
proxy-mode = Off
rip-mode = routing-off
route-filter = ""
rip2-use-multicast = yes
ospf = { no 0.0.0.0 normal 10 40 5 simple ascend0 1 16777215 type-1 c0:00:00:00+
multicast-allowed = no
multicast-rate-limit = 100
atmp = { atmp-disabled atmp-home-agent-router 0 "" no }

***  Default Route defined here ***

admin> read ip-route default
IP-ROUTE/default read
admin> list
name* = default
dest-address = 0.0.0.0/0
gateway-address = 10.10.90.1
metric = 1
cost = 1
preference = 60
third-party = no
ase-type = type-1
ase-tag = c0:00:00:00
private-route = yes
active-route = yes
ase7-adv = N/A


*** Filter name ***


admin> dir filter
   379  09/11/1997 08:32:23  ip-filter


***   Input Filter Def 1. ***

admin> list input 1
valid-entry = yes
forward = yes
^^^^^^^^^^^^^
Type = ip-filter
gen-filter = { 0 0 no no 00:00:00:00:00:00:00:00:00:00:00:00 00:00:00:00:00:00:+
ip-filter = { 6 255.255.255.0 10.10.89.0 255.255.255.255 10.10.90.10 none +
route-filter = { 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0 none }
admin> list ip-filter
protocol = 6
source-address-mask = 255.255.255.0
source-address = 10.10.89.0
dest-address-mask = 255.255.255.255
dest-address = 10.10.90.10
Src-Port-Cmp = none
source-port = 0
Dst-Port-Cmp = eql
dest-port = 23
tcp-estab = no


     ***   Input Filter Def 2. ***

admin> list inpu 2
valid-entry = yes
forward = no
^^^^^^^^^^^^
Type = ip-filter
gen-filter = { 0 0 no no 00:00:00:00:00:00:00:00:00:00:00:00 00:00:00:00:00:00:+
ip-filter = { 6 0.0.0.0 0.0.0.0 255.255.255.255 10.10.90.10 none 0 eql 23 no+
route-filter = { 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0 none }
admin> list ip-filter
protocol = 6
source-address-mask = 0.0.0.0
source-address = 0.0.0.0
dest-address-mask = 255.255.255.255
dest-address = 10.10.90.10
Src-Port-Cmp = none
source-port = 0
Dst-Port-Cmp = eql
dest-port = 23
tcp-estab = no



*** Output filter ***


dmin> list output 1
valid-entry = yes
forward = yes
^^^^^^^^^^^^^
Type = generic-filter
gen-filter = { 0 0 no no 00:00:00:00:00:00:00:00:00:00:00:00 00:00:00:00:00:00:+
ip-filter = { 0 255.255.255.0 10.10.91.0 0.0.0.0 0.0.0.0 none 0 none 0 no }
route-filter = { 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0 none }
admin> list ip-filter
protocol = 0
source-address-mask = 255.255.255.0
source-address = 10.10.91.0
dest-address-mask = 0.0.0.0
dest-address = 0.0.0.0
Src-Port-Cmp = none
source-port = 0
Dst-Port-Cmp = none
dest-port = 0
tcp-estab = no


***  Filter Applied here ***

admin> read ether { 1 2 5}
ETHERNET/{ shelf-1 slot-2 5 } read
admin> list
interface-address* = { shelf-1 slot-2 5 }
mac-address = 00:c0:7b:68:ad:1c
link-state = up
link-state-enabled = no
enabled = yes
ether-if-type = utp
filter-name = "ip-filter"




Regds
K.R.Kumar
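
Added example, not part of the original post: a small Python model of first-match evaluation over the two input rules listed above, run against constructed packets. The first-match ordering and the `unmatched_forward` default (what happens to a packet that no rule matches) are assumptions of this model, not behaviour stated in the post, and the helper names are hypothetical.

```python
import ipaddress

# Input rules transcribed from the "list ip-filter" output in the post:
# (forward, protocol, src_mask, src_addr, dst_mask, dst_addr, dst_port)
INPUT_RULES = [
    (True,  6, "255.255.255.0", "10.10.89.0", "255.255.255.255", "10.10.90.10", 23),
    (False, 6, "0.0.0.0", "0.0.0.0", "255.255.255.255", "10.10.90.10", 23),
]

def masked_eq(addr, mask, want):
    """Compare two IPv4 addresses under a netmask."""
    a, m, w = (int(ipaddress.IPv4Address(x)) for x in (addr, mask, want))
    return (a & m) == (w & m)

def rule_matches(rule, pkt):
    _, proto, smask, saddr, dmask, daddr, dport = rule
    return (pkt["proto"] == proto
            and masked_eq(pkt["src"], smask, saddr)
            and masked_eq(pkt["dst"], dmask, daddr)
            and pkt.get("dport") == dport)  # Dst-Port-Cmp = eql in both rules

def evaluate(pkt, rules=INPUT_RULES, unmatched_forward=False):
    """Return (forwarded, reason). The first matching rule decides (assumption);
    unmatched_forward is the assumed fate of packets that match no rule."""
    for n, rule in enumerate(rules, 1):
        if rule_matches(rule, pkt):
            return rule[0], f"input {n}"
    return unmatched_forward, "no match"

# Constructed sample packets, assumed to arrive inbound on the Ethernet port.
PACKETS = {
    "telnet from 10.10.89.7": {"proto": 6, "src": "10.10.89.7",
                               "dst": "10.10.90.10", "dport": 23},
    "telnet from 10.10.91.5": {"proto": 6, "src": "10.10.91.5",
                               "dst": "10.10.90.10", "dport": 23},
    "echo reply from gateway": {"proto": 1, "src": "10.10.90.1",
                                "dst": "10.10.90.10"},
}

if __name__ == "__main__":
    for default in (False, True):
        print(f"unmatched packets forwarded: {default}")
        for name, pkt in PACKETS.items():
            ok, why = evaluate(pkt, unmatched_forward=default)
            print(f"  {name:26} {'forward' if ok else 'discard'} ({why})")
```

In this model the ICMP echo reply from 10.10.90.1 matches neither input rule, so whether it is forwarded depends entirely on the assumed default for unmatched packets.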