ADTRAN Stub Routing Specifications Page 192

Global Configuration Mode Command Set Command Reference Guide
192 © 2003 ADTRAN, Inc. 61950860L1-35D
Technology Review
Concepts:
Access control using the ADTRAN OS firewall has two fundamental parts: Access Control Lists (ACLs) and
Access Policy Classes (ACPs). ACLs are used as packet selectors by other ADTRAN OS systems; by
themselves they do nothing. ACPs consist of a selector (ACL) and an action (allow, discard, NAT). ACPs
integrate both allow and discard policies with NAT. ACPs have no effect until they are assigned to a network
interface.
Both ACLs and ACPs are order dependent. When a packet is evaluated, the matching engine begins with the
first entry in the list and progresses through the entries until it finds a match. The first entry that matches is
executed.
Packet Flow:
Case 1: Packets from interfaces with a configured policy class to any other interface
ACPs are applied when packets are received on an interface. If an interface has not been assigned a policy
class, by default it will allow all received traffic to pass through. If an interface has been assigned a policy class
but the firewall has not been enabled with the ip firewall command, traffic will flow normally from this interface
with no firewall processing.
Case 2: Packets that travel in and out of a single interface with a configured policy class
These packets are processed through the ACPs as if they are destined for another interface (identical to
Case 1).
Case 3: Packets from interfaces without a configured policy class to interfaces with one
These packets are routed normally and are not processed by the firewall. The ip firewall command has no
effect on this traffic.
Case 4: Packets from interfaces without a configured policy class to other interfaces without a configured policy class
This traffic is routed normally. The ip firewall command has no effect on this traffic.
[Figure: packet flow diagram. Labels: Packet In, Interface Association List, Access Control Policies (permit, deny, NAT), Route Lookup, Packet Out; annotation "If session hit, or no ACP configured".]
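
The ordering rule and the four packet-flow cases above can be modelled in a few lines. This is an added example, not ADTRAN code: the entry format, the interface names, the sample prefixes and the drop-on-no-match default are assumptions made for illustration. It shows how placing a broad allow entry ahead of a narrow discard entry leaves the discard unreachable.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:                      # one ACP entry: selector (simplified ACL) + action
    action: str                   # "allow", "discard" or "nat"
    src: str                      # source prefix the selector matches
    dport: Optional[int] = None   # None = any destination port

def matches(e, pkt):
    in_net = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(e.src)
    return in_net and e.dport in (None, pkt["dport"])

def evaluate(policy, pkt):
    """Walk entries in order; the first match is executed, the rest are ignored."""
    for i, e in enumerate(policy):
        if matches(e, pkt):
            return e.action, i
    return "discard", None        # ASSUMPTION: no match means drop (not stated on the page)

def forward(pkt, in_if, policy_of, firewall_enabled):
    """Cases 1-4: only the receiving interface's policy class decides."""
    policy = policy_of.get(in_if)
    if policy is None or not firewall_enabled:
        return "route"            # routed normally, no firewall processing
    return evaluate(policy, pkt)[0]

def shadowed(policy):
    """Indices of entries that can never fire because an earlier entry covers them."""
    dead = []
    for j, later in enumerate(policy):
        for earlier in policy[:j]:
            net_ok = ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
            if net_ok and earlier.dport in (None, later.dport):
                dead.append(j)
                break
    return dead

# Constructed sample data: the same two entries in two different orders.
LOOSE = [Entry("allow", "10.0.0.0/8"), Entry("discard", "10.1.2.0/24", 23)]
TIGHT = [Entry("discard", "10.1.2.0/24", 23), Entry("allow", "10.0.0.0/8")]
TELNET = {"src": "10.1.2.7", "dport": 23}

if __name__ == "__main__":
    for name, pol in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, evaluate(pol, TELNET), "shadowed entries:", shadowed(pol))
    print(forward(TELNET, "eth 0/2", {"eth 0/1": TIGHT}, True))  # Case 3: ingress has no ACP
```

Running a check like `shadowed` over a policy before assigning it to an interface catches entries that ordering has made dead.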