IP Change Access Control

The IP access control system allows the IP forwarder to control packet forwarding based on source and destination IP addresses, IP protocol number, and on port number for the TCP and UDP protocols. This can control access to particular classes of IP addresses and services.

The IP access control system is based on one global ordered list of inclusive and exclusive access control entries.

If access control is enabled, each IP packet being originated, forwarded, or received is compared to the access control list. Each entry in the list can be inclusive or exclusive, permitting or denying forwarding.

Each entry has fields for source and destination IP address, optional IP protocol number, and optional port number for UDP and TCP. For each received packet, the headers are compared to all specified fields in each entry. If the entry matches the packet and the entry is inclusive, then the packet is forwarded. If the entry is exclusive, the packet is dropped. If no entry in the entry list matches the packet, the packet is dropped.

Each entry has an IP address and mask, and a result, which is the value resulting from a logical AND of the address and mask, for both the source and destination IP address. An address in a received packet will be logically ANDed with the mask in an entry, and compared to the entry's result.

For example, a mask of 255.0.0.0 ANDed with an address that results in 26.0.0.0 will match any address with 26 in the first byte. A mask of 255.255.255.255 ANDed with an address that results in 192.67.67.20 matches only the IP host 192.67.67.20. A mask of 0.0.0.0 with a result of 0.0.0.0 is a wildcard, and matches any IP address.
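The matching rules described above, as an added example that is not part of the original documentation: a small Python model of the ordered list, in which the first matching entry decides and a packet that matches no entry is dropped. Reading the optional port as the TCP/UDP destination port, the packet dictionary keys, and the shadowed() audit helper are assumptions of this example; the sample list is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def ip(s):
    return int(ipaddress.IPv4Address(s))

@dataclass
class Entry:
    inclusive: bool              # True = inclusive (forward), False = exclusive (drop)
    src: str
    src_mask: str
    dst: str
    dst_mask: str
    proto: Optional[int] = None  # IP protocol number; None = not specified
    port: Optional[int] = None   # assumption: TCP/UDP destination port

    def pairs(self):  # (mask, result) per address; result = address AND mask
        return [(ip(m), ip(a) & ip(m)) for a, m in
                ((self.src, self.src_mask), (self.dst, self.dst_mask))]

    def matches(self, pkt):
        addrs = (ip(pkt["src"]), ip(pkt["dst"]))
        if any(a & m != r for a, (m, r) in zip(addrs, self.pairs())):
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.port is not None:  # port applies to TCP (6) and UDP (17) only
            return pkt["proto"] in (6, 17) and pkt.get("dport") == self.port
        return True

def decide(acl, pkt):
    # First matching entry decides; a packet matching no entry is dropped.
    for index, entry in enumerate(acl, start=1):
        if entry.matches(pkt):
            return entry.inclusive, index
    return False, None

def shadowed(acl):  # indexes of entries an earlier entry fully covers
    def covers(a, b):
        return (all(ma & mb == ma and rb & ma == ra
                    for (ma, ra), (mb, rb) in zip(a.pairs(), b.pairs()))
                and a.proto in (None, b.proto) and a.port in (None, b.port))
    return [j + 1 for j, b in enumerate(acl) if any(covers(a, b) for a in acl[:j])]

# Constructed sample list built from the masks used in the text above.
ACL = [Entry(False, "0.0.0.0", "0.0.0.0", "192.67.67.20", "255.255.255.255", 6, 23),
       Entry(True, "26.1.2.3", "255.0.0.0", "0.0.0.0", "0.0.0.0"),
       Entry(False, "26.9.9.9", "255.255.255.255", "0.0.0.0", "0.0.0.0")]
```

For a packet from 26.9.9.9, decide() returns (True, 2): the exclusive host entry at index 3 never decides because the broader inclusive entry precedes it, which shadowed(ACL) reports as [3].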

This parameter enables or disables IP access control on the router.

Use the IP List Access Control option to view all existing records and obtain the index number.

Enter the index number of the access control to be changed.

Select the Submit button.


IP Change Address

Modifies one of the router's IP interface addresses. You must specify each new address together with the new address' subnet mask.

This option can also be used to change an existing address' subnet mask.

For non-serial line interfaces:

For serial line interfaces: Use these address guidelines to:

  1. Enter the Address to be changed.

  2. Enter the New address.

  3. Enter the new Address mask.

The subnet mask is ANDed with the IP address to determine subnetting.

Select the Submit button.


IP Change Route

Modifies the subnet mask associated with a configured static network/subnet route. The effect of this option is immediate; you do not have to reboot the router for it to take effect.

Understanding Masks

Wherever the mask contains a zero, for example 0.0.0.0, all traffic is filtered. However, for a mask of 255.255.255.255, all address bits are significant, and the filter applies to a single address or host. For example:

  1. Enter the IP destination address you want to change.

    Valid Values: any valid IP address

    Default Value: none

  2. Enter the Address mask.

    Valid Values: any valid IP mask

    Default Value: none

Select the Submit button.


IP Delete Accept-RIP-Route

You can define the nets or subnets for which your router will accept RIP updates.

This option removes a route from the list of networks that the RIP protocol always accepts.

Enter the IP address that you want to remove.

Valid Values: Any IP address contained in the list of accepted networks.

Default Value: none

Select the Submit button.


IP Delete Access-Control

Deletes one of the access control records from the global access control list.

Use the IP List Access Control option to view all existing records and obtain the index number.

Enter the index number of the access control you want to delete.

Select the Submit button.


IP Delete Address

Deletes one of the router's IP interface addresses.

Enter the IP interface address you want to remove.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Delete Bootp-Server

Removes a BOOTP server from an IP configuration.

Enter the IP interface address of the Bootp-Server you want to remove.

Valid Values: any valid Bootp-Server IP address

Default Value: 0.0.0.0

Select the Submit button.


IP Delete Default Subnet-Gateway

Deletes the default subnet gateway for the specified subnetted network.

The default subnet gateway is the IP address of the next hop to the authoritative router. The default subnet gateway has more complete routing information than the router.

Enter the IP address of the subnet-gateway you want to delete.

Valid Values: any valid IP address

Default Value: 0.0.0.0

Select the Submit button.


IP Delete Filter

Deletes one of the router's filters. The effect of this option is immediate; you do not have to reboot the router for it to take effect.

  1. Enter the IP destination address of the filter you want to delete.

    Valid Values: any valid IP address

    Default Value: 0.0.0.0

  2. Enter the Address mask.

    Valid Values: 0.0.0.0 - 255.255.255.255

    Default Value: none

Select the Submit button.


IP Delete Packet-Filter

Deletes a specified packet-filter from the router's configuration.

Enter the packet filter name you want to delete.

Valid Values: any 16-character name.

You can include dashes (-) and underscores (_) in the name.

Default Value: none

Select the Submit button.


IP Delete Route

Static subnetting means that all subnets in the subnetted network use the same subnet mask. You specify the static routes by entering destination network IP address, destination mask (which determines how the bits within the IP address are used) and next hop IP address.

This option deletes one of the router's configured static routes. The effect of this command is immediate; you do not have to reboot the router for it to take effect.

  1. Enter the IP address of the static route you want to delete.

    Valid Values: any valid IP address

    Default Value: none

  2. Enter the subnet mask of the static route you want to delete.

    Valid Values: any valid IP mask

    Default Value: none

Select the Submit button.


IP Delete UDP-Destination

User Datagram Protocol (UDP) enables an application program on one machine or process to send a datagram to an application program on another machine or process.

This option deletes a UDP Forwarding destination address that was configured using the Add UDP-Destination option.

The result is that locally delivered UDP datagrams received at the specified port will not be forwarded to the specified IP address.

  1. Enter the UDP port number to be deleted.

    Valid Values: any integer in the range of [0 - 65535]

    Default Value: none

  2. Enter the Destination IP address to be deleted.

    Valid Values: any valid IP address

    Default Value: none

Select the Submit button.


IP Disable Override Static-Routes

A static route is an IP address used, together with an address mask, to define the destination. The destination can be a network, a subnet, or a host. When dynamic routing information is not available for a particular destination, these static routes are used.

You can specify if received RIP information may be used to override the router's statically configured routes.

For the RIP protocol, you can disable this override behavior with the Override Static Routes parameter.

The Disable Override Static-Routes option prevents RIP information received on the interface with the specified interface address from overriding any of the router's statically configured routes.

Enter the address of the interface on which you want to prevent RIP information from overriding static routes.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Disable Override Default

The default gateway is the IP address of the next hop to the authoritative router. The default gateway has more complete routing information than the router.

This parameter prevents received RIP information from overriding the router's default gateway. This parameter is invoked on a per-IP-interface basis. When this parameter is disabled, default RIP routes received on the interface will not overwrite the router's current default gateway.

Enter the interface address for which you want to disable override default.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Disable Packet Filter

Disables packet filtering on incoming traffic on the specified interface.

Enter the name of the packet filter you want to disable.

Valid Values: Any 16-character name.

You can include dashes (-) and underscores (_) in the name.

Default Value: None

Select the Submit button.


IP Disable Receiving RIP

Prevents any RIP packets from being received on the interface identified by the address.

Enter the interface address that you want to prevent from receiving RIP packets.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Disable Receiving Dynamic All

The Disable Receiving Dynamic All option ensures that for RIP updates received on the specified interface, the MSS Server accepts only those network-level, subnet-level, or host-level routes entered by the Add Accept-RIP-Route option.

Enter the interface address that you want to prevent from receiving RIP updates by default.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Disable Receiving Dynamic Hosts

If you disable receive dynamic hosts, host routes in RIP updates received on the specified interface are not accepted unless they have previously been added in the RIP Route Acceptance panel.

Enter the interface address that you want to prevent from receiving host routes.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Disable Receiving Dynamic Nets

This parameter modifies the processing of RIP updates that are received on a particular interface. If this parameter is disabled, RIP updates for network-level routes received on the interface are not accepted unless they have previously been specified through the Network Address parameter on the RIP Route Acceptance panel.

Enter the interface address that you want to prevent from receiving RIP updates for network-level routes.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Disable Receiving Dynamic Subnets

This parameter modifies the processing of RIP updates that are received on a particular interface. If this parameter is disabled, RIP updates for subnetwork-level routes received on the interface are not accepted unless they have previously been specified through the Network Address parameter on the RIP Route Acceptance panel.

Enter the interface address that you want to prevent from receiving RIP updates for subnetwork-level routes.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Disable Sending All Routes

Prevents the router from advertising all routes in RIP updates sent out on the specified interface.

RIP routes sent out an interface are host-routes, static-routes, net-routes, and subnet-routes. You can turn these off individually using other IP Disable Sending options.

Enter the interface address that you want to prevent from sending RIP updates for all routes.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Disable Sending Default-Routes

Prevents the router from advertising a default route in RIP updates sent out on the specified interface.

The RIP routes sent out an interface are host-routes, static-routes, net-routes, and subnet-routes. You can turn these off individually using other IP Disable Sending options.

Enter the interface address that you want to prevent from sending RIP updates for default routes.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Disable Sending Net-Routes

Prevents the router from advertising a network-route in RIP updates sent out on the specified interface.

The RIP routes sent out an interface are host-routes, static-routes, net-routes, and subnet-routes. You can turn these off individually using other IP Disable Sending options.

Enter the interface address that you want to prevent from sending RIP updates for network-level routes.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Disable Sending Host-Routes

Prevents the router from advertising a host-route in RIP updates sent out on the specified interface.

The RIP routes sent out an interface are host-routes, static-routes, net-routes, and subnet-routes. You can turn these off individually using other IP Disable Sending options.

Enter the interface address that you want to prevent from sending RIP updates for host-level routes.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Disable Sending Static Routes

Prevents the router from advertising all statically configured and directly connected routes in RIP updates sent out on the interface that is identified by the interface address.

Enter the interface address that you want to prevent from sending RIP updates for static routes.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Disable Sending Subnet-Routes

Prevents the router from advertising subnet routes in RIP updates sent out on the specified interface.

The RIP routes sent out an interface are host-routes, static-routes, net-routes, and subnet-routes. You can turn these off individually using other IP Disable Sending options.

Enter the interface address that you want to prevent from sending RIP updates for subnetwork-level routes.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Disable Sending Poisoned-Reverse-Routes

Prevents the router from including poisoned reverse routes in RIP updates sent out on the specified interface.

Enter the interface address that you want to prevent from sending RIP updates for poisoned reverse routes.

Valid Values: any valid IP address

Default Value: none

Select the Submit button.


IP Disable UDP-Forwarding

Disables User Datagram Protocol (UDP) Forwarding for the port identified.

Enter the port number for which you want to disable UDP forwarding.

Valid Values: an integer in the range of [0 - 65535]

Default Value: 0

Select the Submit button.


IP Enable Bootp-Forwarding

Enables BOOTP/DHCP packet forwarding. In order to use BOOTP forwarding, you must also add one or more BOOTP servers with the Add Bootp-Server option.

  1. Enter a Maximum number of forwarding hops.

    The maximum number of forwarding hops is the maximum number of allowable BOOTP agents that can forward a BOOTP request from the client to the Server (this is not the maximum number of IP hops to the server).

    Default Value: 4

  2. Enter a minimum number of seconds before forwarding.

    The Bootp client copies its Ethernet address (or appropriate MAC address) into a Bootp request packet and broadcasts it onto the local LAN. The Bootp relay agent (the router) receives the packet and checks to see if the packet is well formatted and that the maximum number of application hops has not expired. It also checks to see if the Bootp client has been trying long enough.

    This parameter specifies the number of seconds you want the Bootp client to retry before the router, acting as a Bootp relay agent, forwards the Bootp request to the server through another path. Use this parameter when there is a redundant path between the Bootp client and the server, and you want to use the secondary path as a standby. This parameter is not commonly used. A typical value for this parameter is 0.

    Default Value: 0

Select the Submit button.