The IP access control system allows the IP forwarder to control packet forwarding based on source and destination IP addresses, IP protocol number, and on port number for the TCP and UDP protocols. This can control access to particular classes of IP addresses and services.
The IP access control system is based on one global ordered list of inclusive and exclusive access control entries.
If access control is enabled, each IP packet being originated, forwarded, or received is compared to the access control list. Each entry in the list can be inclusive or exclusive, permitting or denying forwarding.
Each entry has fields for source and destination IP address, optional IP protocol number, and optional port number for UDP and TCP. For each received packet, the headers are compared to all specified fields in each entry. If the entry matches the packet and the entry is inclusive, then the packet is forwarded. If the entry is exclusive, the packet is dropped. If no entry in the entry list matches the packet, the packet is dropped.
Each entry has an IP address and mask, and a result, which is the value resulting from a logical AND of the address and mask, for both the source and destination IP address. An address in a received packet will be logically ANDed with the mask in an entry, and compared to the entry's result.
For example, a mask of 255.0.0.0 with a result of 26.0.0.0 matches any address with 26 in the first byte. A mask of 255.255.255.255 with a result of 192.67.67.20 matches only the IP host 192.67.67.20. A mask of 0.0.0.0 with a result of 0.0.0.0 is a wildcard, and matches any IP address.
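The matching rules above can be sketched as a small evaluator. This is an added example, not code from the router or its documentation. The names `Entry` and `evaluate` are hypothetical, the first matching entry in the ordered list is assumed to decide, and the optional port is assumed to be compared to the destination port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17  # IANA IP protocol numbers


def ip(text: str) -> int:
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


@dataclass
class Entry:
    inclusive: bool              # True = inclusive (forward), False = exclusive (drop)
    src: str
    src_mask: str
    dst: str
    dst_mask: str
    proto: Optional[int] = None  # None = field not specified
    port: Optional[int] = None   # assumption: compared to the destination port

    def matches(self, src, dst, proto, dport=None) -> bool:
        # Stored result = entry address AND mask; the packet address is ANDed
        # with the same mask and must equal that result.
        if ip(src) & ip(self.src_mask) != ip(self.src) & ip(self.src_mask):
            return False
        if ip(dst) & ip(self.dst_mask) != ip(self.dst) & ip(self.dst_mask):
            return False
        if self.proto is not None and proto != self.proto:
            return False
        if self.port is not None and (proto not in (TCP, UDP) or dport != self.port):
            return False
        return True


def evaluate(acl, src, dst, proto, dport=None) -> str:
    for entry in acl:            # assumption: first matching entry decides
        if entry.matches(src, dst, proto, dport):
            return "forward" if entry.inclusive else "drop"
    return "drop"                # no entry matched: packet is dropped


# Constructed sample list using the masks from the text above.
ACL = [
    # Exclusive: any source to host 192.67.67.20, TCP port 23
    Entry(False, "0.0.0.0", "0.0.0.0", "192.67.67.20", "255.255.255.255", TCP, 23),
    # Inclusive: any source in 26.x.x.x to any destination
    Entry(True, "26.0.0.0", "255.0.0.0", "0.0.0.0", "0.0.0.0"),
]
```

Under the first-match assumption, reversing the two entries lets the broad inclusive entry shadow the narrower exclusive one, so review the order whenever an entry is added or its index changes.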
This parameter enables or disables IP access control on the router.
Use the IP List Access Control option to view all existing records and obtain the index number.
Enter the index number of the access control to be changed.
Select the Submit button.
This option can also be used to change an existing address's subnet mask.
For non-serial line interfaces:
The subnet mask is ANDed with the IP address to determine subnetting.
Select the Submit button.
Understanding Masks
Wherever the mask contains a zero, the corresponding part of the address is not compared; for a mask of 0.0.0.0, all traffic is filtered. However, for a mask of 255.255.255.255, all address bits are significant, and the filter applies to a single address or host. For example:
Valid Values: any valid IP address
Default Value: none
Valid Values: any valid IP mask
Default Value: none
Select the Submit button.
You can define the nets or subnets for which your router will accept RIP updates.
This option removes a route from the list of networks that the RIP protocol always accepts.
Enter the IP address that you want to remove.
Valid Values: Any IP address contained in the list of accepted networks.
Default Value: none
Select the Submit button.
Use the IP List Access Control option to view all existing records and obtain the index number.
Enter the index number of the access control you want to delete.
Select the Submit button.
Enter the IP interface address you want to remove.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
Enter the IP interface address of the Bootp-Server you want to remove.
Valid Values: any valid Bootp-Server IP address
Default Value: 0.0.0.0
Select the Submit button.
The default subnet gateway is the IP address of the next hop to the authoritative router. The default subnet gateway has more complete routing information than the router.
Enter the IP address of the subnet-gateway you want to delete.
Valid Values: any valid IP address
Default Value: 0.0.0.0
Select the Submit button.
Valid Values: any valid IP address
Default Value: 0.0.0.0
Valid Values: 0.0.0.0 - 255.255.255.255
Default Value: none
Select the Submit button.
Enter the packet filter name you want to delete.
Valid Values: any 16-character name.
You can include dashes (-) and underscores (_) in the name.
Default Value: none
Select the Submit button.
Static subnetting means that all subnets in the subnetted network use the same subnet mask. You specify the static routes by entering destination network IP address, destination mask (which determines how the bits within the IP address are used) and next hop IP address.
This option deletes one of the router's configured static routes. The effect of this command is immediate; you do not have to reboot the router for it to take effect.
Valid Values: any valid IP address
Default Value: none
Valid Values: any valid IP mask
Default Value: none
Select the Submit button.
User Datagram Protocol (UDP) enables an application program on one machine or process to send a datagram to an application program on another machine or process.
This option deletes a UDP Forwarding destination address that was configured using the Add UDP-Destination option.
The result is that locally delivered UDP datagrams received at the specified port will not be forwarded to the specified IP address.
Valid Values: any integer in the range of [0 - 65535]
Default Value: none
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
A static route is an IP address used, together with an address mask, to define the destination. The destination can be a network, a subnet, or a host. When dynamic routing information is not available for a particular destination, these static routes are used.
You can specify if received RIP information may be used to override the router's statically configured routes.
For the RIP protocol, you can disable this override behavior with the Override Static Routes parameter.
The Disable Override Static-Routes option prevents RIP information received on the interface with the specified interface address from overriding any of the router's statically configured routes.
Enter the interface address on which you want to prevent RIP information from overriding static routes.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
The default gateway is the IP address of the next hop to the authoritative router. The default gateway has more complete routing information than the router.
This parameter prevents received RIP information from overriding the router's default gateway. This parameter is invoked on a per-IP-interface basis. When this parameter is disabled, default RIP routes received on the interface will not overwrite the router's current default gateway.
Enter the interface address for which you want to disable override default.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
Enter the name of the packet filter you want to disable.
Valid Values: Any 16-character name.
You can include dashes (-) and underscores (_) in the name.
Default Value: None
Select the Submit button.
Enter the interface address that you want to prevent from receiving RIP packets.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
Enter the interface address that you want to prevent from receiving RIP updates by default.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
If you disable receive dynamic hosts, host routes in RIP updates received on the specified interface are not accepted unless they have previously been added in the RIP Route Acceptance panel.
Enter the interface address that you want to prevent from receiving host routes.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
This parameter modifies the processing of RIP updates that are received on a particular interface. If this parameter is disabled, RIP updates for network-level routes received on the interface are not accepted unless they have previously been specified through the Network Address parameter on the RIP Route Acceptance panel.
Enter the interface address that you want to prevent from receiving RIP updates for network-level routes.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
This parameter modifies the processing of RIP updates that are received on a particular interface. If this parameter is disabled, RIP updates for subnetwork-level routes received on the interface are not accepted unless they have previously been specified through the Network Address parameter on the RIP Route Acceptance panel.
Enter the interface address that you want to prevent from receiving RIP updates for subnetwork-level routes.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
RIP routes sent out an interface are host-routes, static-routes, net-routes, and subnet-routes. You can turn these off individually using other IP Disable Sending options.
Enter the interface address that you want to prevent from sending RIP updates for all routes.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
The RIP routes sent out an interface are host-routes, static-routes, net-routes, and subnet-routes. You can turn these off individually using other IP Disable Sending options.
Enter the interface address that you want to prevent from sending RIP updates for default routes.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
The RIP routes sent out an interface are host-routes, static-routes, net-routes, and subnet-routes. You can turn these off individually using other IP Disable Sending options.
Enter the interface address that you want to prevent from sending RIP updates for network-level routes.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
The RIP routes sent out an interface are host-routes, static-routes, net-routes, and subnet-routes. You can turn these off individually using other IP Disable Sending options.
Enter the interface address that you want to prevent from sending RIP updates for host-level routes.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
Enter the interface address that you want to prevent from sending RIP updates for static routes.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
The RIP routes sent out an interface are host-routes, static-routes, net-routes, and subnet-routes. You can turn these off individually using other IP Disable Sending options.
Enter the interface address that you want to prevent from sending RIP updates for subnetwork-level routes.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
Prevents the router from including poisoned reverse routes in RIP updates sent out on the specified interface.
Enter the interface address that you want to prevent from sending RIP updates for poisoned reverse routes.
Valid Values: any valid IP address
Default Value: none
Select the Submit button.
Enter the port number for which you want to disable UDP forwarding.
Valid Values: an integer in the range of [0 - 65535]
Default Value: 0
Select the Submit button.
The maximum number of forwarding hops is the maximum number of allowable BOOTP agents that can forward a BOOTP request from the client to the server (this is not the maximum number of IP hops to the server).
Default Value: 4
The Bootp client copies its Ethernet address (or appropriate MAC address) into a Bootp request packet and broadcasts it onto the local LAN. The Bootp relay agent (the router) receives the packet and checks to see if the packet is well formatted and that the maximum number of application hops has not expired. It also checks to see if the Bootp client has been trying long enough.
This parameter specifies the number of seconds you want the Bootp client to retry before the router, acting as a Bootp relay agent, forwards the Bootp request to the server through another path. Use this parameter when there is a redundant path between the Bootp client and the server, and you want to use the secondary path as a standby. This parameter is not commonly used. A typical value for this parameter is 0.
Default Value: 0
Use this parameter when there is a redundant path between the client and the server, and you want to use the secondary paths as a standby.
Select the Submit button.