DOCSLIB.ORG

NETGEAR Prosafe VPN Firewall FVS318G V2 Reference Manual

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

NETGEAR ProSAFE VPN Firewall FVS318G v2 Reference Manual October 2014 202-11465-01 350 East Plumeria Drive San Jose, CA 95134 USA NETGEAR ProSAFE VPN Firewall FVS318G v2 Support Thank you for selecting NETGEAR products. After installing your device, locate the serial number on the label of your product and use it to register your product at https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR recommends registering your product through the NETGEAR website. For product updates and web support, visit http://support.netgear.com. Phone (US & Canada only): 1-888-NETGEAR. Phone (Other Countries): Check the list of phone numbers at http://support.netgear.com/general/contact/default.aspx. Compliance For regulatory compliance information, visit http://www.netgear.com/about/regulatory. See the regulatory compliance document before connecting the power supply. Trademarks NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. © NETGEAR, Inc. All rights reserved. Revision History Publication Version Publish Date Comments Part Number 202-11465-01 1.0 October 2014 First publication 2 Contents Chapter 1 Introduction What Is the NETGEAR ProSAFE VPN Firewall FVS318G v2? . .9 Key Features and Capabilities . .9 Advanced VPN Support for IPSec . 10 A Powerful, True Firewall . 10 Security Features . 10 Autosensing Ethernet Connections with Auto Uplink . 10 Extensive Protocol Support . 11 Easy Installation and Management. 11 Maintenance and Support . 12 Package Contents . 12 Hardware Features . 13 Front Panel. 13 Rear Panel . 16 Bottom Panel with Product Label. 17 Choose a Location for the VPN Firewall . 17 Wall-Mount the VPN Firewall with the Mounting Kit . 18 Log In to the VPN Firewall . 19 Web Management Interface Menu Layout . 21 Requirements for Entering IP Addresses. 22 IPv4 Addresses . 23 IPv6 Addresses . 23 Chapter 2 IPv4 and IPv6 Internet and Broadband Settings Internet and WAN Configuration Tasks . 25 IPv4 Internet Connections . 25 IPv6 Internet Connections . 25 Configure the IPv4 Internet Connection and WAN Settings . 26 Configure the IPv4 WAN Mode . 26 Let the VPN Firewall Automatically Detect and Configure an IPv4 Internet Connection . 28 Manually Configure an IPv4 Internet Connection . 31 Configure Dynamic DNS . 35 Configure the IPv6 Internet Connection and WAN Settings . 38 Configure the IPv6 Routing Mode . 39 Use a DHCPv6 Server to Configure an IPv6 Internet Connection . 40 Configure a Static IPv6 Internet Connection . 42 Configure a PPPoE IPv6 Internet Connection . 44 Configure 6to4 Automatic Tunneling . 47 3 NETGEAR ProSAFE VPN Firewall FVS318G v2 Configure ISATAP Automatic Tunneling . 48 View the Tunnel Status and IPv6 Addresses. 51 Configure Stateless IP/ICMP Translation . 51 Configure Advanced WAN Options and Other Tasks. 52 Additional WAN-Related Configuration Tasks . 55 Verify the Connection . 55 What to Do Next . 55 Chapter 3 LAN Configuration Manage IPv4 Virtual LANs and DHCP Options . 57 Port-Based VLANs . 57 Assign and Manage VLAN Profiles . 58 VLAN DHCP Options. 60 Configure a VLAN Profile. 61 Configure VLAN MAC Addresses and LAN Advanced Settings . 68 Configure IPv4 Multihome LAN IP Addresses on the Default VLAN . 69 Manage IPv4 Groups and Hosts (IPv4 LAN Groups) . 71 Manage the Network Database . 73 Change Group Names in the Network Database . 77 Set Up DHCP Address Reservation . 78 Manage the IPv6 LAN. 78 DHCPv6 Server Options . 79 Configure the IPv6 LAN. 80 Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for the LAN . 88 Configure IPv6 Multihome LAN IP Addresses on the Default VLAN . 93 Enable and Configure the DMZ Port for IPv4 and IPv6 Traffic . 96 DMZ Port for IPv4 Traffic. 96 DMZ Port for IPv6 Traffic. 100 Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for the DMZ . 106 Manage Static IPv4 Routing . 111 Configure Static IPv4 Routes . 111 Configure the Routing Information Protocol . 114 IPv4 Static Route Example . 116 Manage Static IPv6 Routing . 117 Configure Quality of Service. 120 Chapter 4 Firewall Protection About Firewall Protection . 126 Administrator Tips . 126 Overview of Rules to Block or Allow Specific Kinds of Traffic. 127 Outbound Rules. 128 Inbound Rules . 130 Order of Precedence for Rules. 134 Configure LAN WAN Rules . 134 Create LAN WAN Outbound Service Rules . 137 4 NETGEAR ProSAFE VPN Firewall FVS318G v2 Create LAN WAN Inbound Service Rules. 141 Configure DMZ WAN Rules . 144 Create DMZ WAN Outbound Service Rules . 147 Create DMZ WAN Inbound Service Rules . 150 Configure LAN DMZ Rules . 153 Create LAN DMZ Outbound Service Rules . 156 Create LAN DMZ Inbound Service Rules . 158 Examples of Firewall Rules. ..
Recommended publications
  • Red Hat Enterprise Linux 3 Security Guide

    Red Hat Enterprise Linux 3 Security Guide

    Red Hat Enterprise Linux 3 Security Guide Red Hat Enterprise Linux 3: Security Guide Copyright © 2003 by Red Hat, Inc. Red Hat, Inc. 1801 Varsity Drive Raleigh NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588 Research Triangle Park NC 27709 USA rhel-sg(EN)-3-Print-RHI (2003-07-25T17:12) Copyright © 2003 by Red Hat, Inc. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, V1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/). Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder. Red Hat, Red Hat Network, the Red Hat "Shadow Man" logo, RPM, Maximum RPM, the RPM logo, Linux Library, PowerTools, Linux Undercover, RHmember, RHmember More, Rough Cuts, Rawhide and all Red Hat-based trademarks and logos are trademarks or registered trademarks of Red Hat, Inc. in the United States and other countries. Linux is a registered trademark of Linus Torvalds. Motif and UNIX are registered trademarks of The Open Group. XFree86 is a trademark of The XFree86 Project, Inc, and is pending registration. Intel and Pentium are registered trademarks of Intel Corporation. Itanium and Celeron are trademarks of Intel Corporation. AMD, Opteron, Athlon, Duron, and K6 are registered trademarks of Advanced Micro Devices, Inc.
  • Abstract Introduction Methodology

    Abstract Introduction Methodology

    Kajetan Hinner (2000): Statistics of major IRC networks: methods and summary of user count. M/C: A Journal of Media and Culture 3(4). <originally: http://www.api-network.com/mc/0008/count.html> now: http://www.media-culture.org.au/0008/count.html - Actual figures and updates: www.hinner.com/ircstat/ Abstract The article explains a successful approach to monitor the major worldwide Internet Relay Chat (IRC) networks. It introduces a new research tool capable of producing detailed and accurate statistics of IRC network’s user count. Several obsolete methods are discussed before the still ongoing Socip.perl program is explained. Finally some IRC statistics are described, like development of user figures, their maximum count, IRC channel figures, etc. Introduction Internet Relay Chat (IRC) is a text-based service, where people can meet online and chat. All chat is organized in channels which a specific topic, like #usa or #linux. A user can be taking part in several channels when connected to an IRC network. For a long time the only IRC network has been EFnet (Eris-Free Network, named after its server eris.berkeley.edu), founded in 1990. The other three major IRC networks are Undernet (1993), DALnet (1994) and IRCnet, which split off EFnet in June 1996. All persons connecting to an IRC network at one time create that IRC network’s user space. People are constantly signing on and off, the total number of users ever been to a specific IRC network could be called social space of that IRC network. It is obvious, that the IRC network’s social space by far outnumbers its user space.
  • Porte TCP/IP 19/09/2021

    Porte TCP/IP 19/09/2021

    1 MarkOne Tools Porte TCP/IP 19/09/2021 1 PORTS 0F TCP/IP Protocols and Services Introduction The port numbers are divided into three ranges: the Well Known Ports: are those from 0 through 1023. DCCP Well Known ports SHOULD NOT be used without IANA registration. The registration procedure is defined in [RFC4340], Section 19.9. the Registered Ports: are those from 1024 through 49151. DCCP Registered ports SHOULD NOT be used without IANA registration. The registration procedure is defined in [RFC4340], Section 19.9. the Dynamic and/or Private Ports: are those from 49152 through 65535 PLEASE NOTE THE FOLLOWING: 1. UNASSIGNED PORT NUMBERS SHOULD NOT BE USED. THE IANA WILL ASSIGN THE NUMBER FOR THE PORT AFTER YOUR APPLICATION HAS BEEN APPROVED. 2. ASSIGNMENT OF A PORT NUMBER DOES NOT IN ANY WAY IMPLY AN ENDORSEMENT OF AN APPLICATION OR PRODUCT, AND THE FACT THAT NETWORK TRAFFIC IS FLOW- ING TO OR FROM A REGISTERED PORT DOES NOT MEAN THAT IT IS "GOOD" TRAFFIC. FIREWALL AND SYSTEM ADMINISTRATORS SHOULD CHOOSE HOW TO CONFIGURE THEIR SYSTEMS BASED ON THEIR KNOWLEDGE OF THE TRAFFIC IN QUESTION, NOT WHETHER THERE IS A PORT NUMBER REGISTERED OR NOT. Socket: è costituito dal concatenamento di un indirizzo IP con il numero di porta di una specifica applicazione (p.es. 10.65.10.13:2001) TCP/IP protocols Port Name Alias 0 IP IP 1 icmp ICMP 3 ggp GGP 6 tcp TCP 8 egp EGP 12 pup PUP 17 udp UDP 20 hmp HMP 22 xns-idp XNS-IDP 27 rdp RDP 66 rvd RVD 1 last updated 2007-01-24 2 MarkOne Tools Porte TCP/IP 19/09/2021 WELL KNOWN PORT NUMBERS The Well Known Ports are assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users.
  • Empirical Analysis of the Effects and the Mitigation of Ipv4 Address Exhaustion

    Empirical Analysis of the Effects and the Mitigation of Ipv4 Address Exhaustion

    TECHNISCHE UNIVERSITÄT BERLIN FAKULTÄT FÜR ELEKTROTECHNIK UND INFORMATIK LEHRSTUHL FÜR INTELLIGENTE NETZE UND MANAGEMENT VERTEILTER SYSTEME Empirical Analysis of the Effects and the Mitigation of IPv4 Address Exhaustion vorgelegt von M.Sc. Philipp Richter geboren in Berlin von der Fakultät IV – Elektrotechnik und Informatik der Technischen Universität Berlin zur Erlangung des akademischen Grades DOKTOR DER NATURWISSENSCHAFTEN -DR. RER. NAT.- genehmigte Dissertation Promotionsausschuss: Vorsitzender: Prof. Dr.-Ing. Sebastian Möller, Technische Universität Berlin Gutachterin: Prof. Anja Feldmann, Ph.D., Technische Universität Berlin Gutachter: Prof. Vern Paxson, Ph.D., University of California, Berkeley Gutachter: Prof. Steve Uhlig, Ph.D., Queen Mary University of London Tag der wissenschaftlichen Aussprache: 2. August 2017 Berlin 2017 Abstract IP addresses are essential resources for communication over the Internet. In IP version 4, an address is represented by 32 bits in the IPv4 header; hence there is a finite pool of roughly 4B addresses available. The Internet now faces a fundamental resource scarcity problem: The exhaustion of the available IPv4 address space. In 2011, the Internet Assigned Numbers Authority (IANA) depleted its pool of available IPv4 addresses. IPv4 scarcity is now reality. In the subsequent years, IPv4 address scarcity has started to put substantial economic pressure on the networks that form the Internet. The pools of available IPv4 addresses are mostly depleted and today network operators have to find new ways to satisfy their ongoing demand for IPv4 addresses. Mitigating IPv4 scarcity is not optional, but mandatory: Networks facing address shortage have to take action in order to be able to accommodate additional subscribers and customers. Thus, if not confronted, IPv4 scarcity has the potential to hinder further growth of the Internet.
  • 74 Network Addressin

    74 Network Addressin

    CSC414 Communication Models Computer Network Client/Server Model System - Server Program Fundamentals Addressing - Runs on computer that has files to be shared - Web Server, Mail Server, Warcraft Server Server Client - Client Program Apache Firefox - Computer that needs to access remote files - Web Browser, Mail Client, World of Warcraft Digital Forensics Center Department of Computer Science and Statics THINK BIG WE DO Peer to Peer Model - Single program U R I - makes files on computer available Peer Peer http://www.forensics.cs.uri.edu - accesses remote files LimeWire LimeWire Addressing Data Domain Names http://www.uri.edu:80/courses/cs/index.html Hierarchical system for name creation and registration protocol computer directory file - Created so users would not have to memorize IP addresses address port - Global domain name system provides global scope for user friendly addresses OSI Model Domain Name Application Layer Country Codes Country Domain Type Common .us United States .biz Business File requested by client Presentation Layer Top Level .uk United Kingdom .com Commercial .au Australia .edu US Educational Folder or directory path on server Session Layer Maps to special directory used by Port Domains .cn China .gov US Government application .mil Military Transport Layer .ca Canada Mailbox on the machine the .de Germany .net Network server or peer is checking Top level Network Layer .org Nonprofit Organization IP Address (Logical) domains are .ru Russia What machine has the shared data .info Info Domain approved by .in India Where
  • AX1800 Wifi 6 Router Model RAX15

    AX1800 Wifi 6 Router Model RAX15

    User Manual AX1800 WiFi 6 Router Model RAX15 NETGEAR, Inc. August 2021 350 E. Plumeria Drive 202-12029-02 San Jose, CA 95134, USA AX1800 WiFi 6 Router Support and Community Visit netgear.com/support to get your questions answered and access the latest downloads. You can also check out our NETGEAR Community for helpful advice at community.netgear.com. Regulatory and Legal Si ce produit est vendu au Canada, vous pouvez accéder à ce document en français canadien à https://www.netgear.com/support/download/. (If this product is sold in Canada, you can access this document in Canadian French at https://www.netgear.com/support/download/.) For regulatory compliance information including the EU Declaration of Conformity, visit https://www.netgear.com/about/regulatory/. See the regulatory compliance document before connecting the power supply. For NETGEAR’s Privacy Policy, visit https://www.netgear.com/about/privacy-policy. By using this device, you are agreeing to NETGEAR’s Terms and Conditions at https://www.netgear.com/about/terms-and-conditions. If you do not agree, return the device to your place of purchase within your return period. Trademarks ©NETGEAR, Inc. NETGEAR and the NETGEAR Logo are trademarks of NETGEAR, Inc. Any non-NETGEAR trademarks are used for reference purposes only. 2 Contents Chapter 1 Hardware Setup Unpack your router...............................................................................9 Front panel LEDs and buttons..........................................................10 Rear panel and side panel.................................................................12
  • Unicast Multicast IP Multicast Introduction

    Unicast Multicast IP Multicast Introduction

    Outline 11: ❒ IP Multicast ❒ Multicast routing IP Multicast ❍ Design choices ❍ Distance Vector Multicast Routing Protocol (DVMRP) Last Modified: ❍ Core Based Trees (CBT) ❍ Protocol Independent Multicast (PIM) 4/9/2003 1:15:00 PM ❍ Border Gateway Multicast Protocol (BGMP) ❒ Issues in IP Multicast Deplyment Based on slides by Gordon Chaffee Berkeley Multimedia Research Center URL: http://bmrc.berkeley.edu/people/chaffee 4: Network Layer 4a-1 4: Network Layer 4a-2 What is multicast? Unicast ❒ ❒ 1 to N communication Problem Sender ❍ ❒ Nandwidth-conserving technology that Sending same data to reduces traffic by simultaneously many receivers via unicast is inefficient delivering a single stream of information to R multiple recipients ❒ Example ❒ Examples of Multicast ❍ Popular WWW sites ❍ Network hardware efficiently supports become serious multicast transport bottlenecks • Example: Ethernet allows one packet to be received by many hosts ❍ Many different protocols and service models • Examples: IETF IP Multicast, ATM Multipoint 4: Network Layer 4a-3 4: Network Layer 4a-4 Multicast IP Multicast Introduction ❒ Efficient one to many Sender ❒ Efficient one to many data distribution data distribution ❍ Tree style data distribution ❍ Packets traverse network links only once R ❒ Location independent addressing ❍ IP address per multicast group ❒ Receiver oriented service model ❍ Applications can join and leave multicast groups ❍ Senders do not know who is listening ❍ Similar to television model ❍ Contrasts with telephone network, ATM 4: Network Layer
  • Prosafe Gigabit Quad WAN SSL VPN Firewall SRX5308 CLI Reference Manual

    Prosafe Gigabit Quad WAN SSL VPN Firewall SRX5308 CLI Reference Manual

    ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 CLI Reference Manual 350 East Plumeria Drive San Jose, CA 95134 USA August 2012 202-11138-01 v1.0 ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 © 2012 NETGEAR, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of NETGEAR, Inc. NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. Other brand and product names are registered trademarks or trademarks of their respective holders. © 2012 All rights reserved. Technical Support Thank you for choosing NETGEAR. To register your product, get the latest product updates, get support online, or for more information about the topics covered in this manual, visit the Support website at http://support.netgear.com. Phone (US & Canada only): 1-888-NETGEAR Phone (Other Countries): Check the list of phone numbers at http://support.netgear.com/app/answers/detail/a_id/984. Statement of Conditions To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use, or application of, the product(s) or circuit layout(s) described herein. Revision History Publication Part Number Version Publish Date Comments 202-11138-01 1.0 August 2012 First publication 2 Contents Chapter 1 Introduction Command Syntax and Conventions.
  • Honeydv6 a Low-Interaction Ipv6 Honeypot

    Honeydv6 a Low-Interaction Ipv6 Honeypot

    HoneydV6 A low-interaction IPv6 honeypot Sven Schindler Potsdam University Institute for Computer Science Operating Systems and Distributed Systems Reykjavík, July 29, 2013 Outline 1 Introduction 2 An IPv6 darknet experiment 3 HoneydV6 - Development and Performance Measurements 4 Conclusion and Future work Sven Schindler (Potsdam University) HoneydV6 Frame 2 of 26 Introduction Outline 1 Introduction 2 An IPv6 darknet experiment 3 HoneydV6 - Development and Performance Measurements 4 Conclusion and Future work Sven Schindler (Potsdam University) HoneydV6 Frame 3 of 26 Introduction Why do we need IPv6 dark- and honeynets? huge IPv6 address space makes brute-force network scanning impossible new scanning approaches in the wild? attacks aiming at IPv6 design weaknesses how to analyse IPv6 related attacks? Sven Schindler (Potsdam University) HoneydV6 Frame 4 of 26 Introduction THC and si6 - IPv6 Attack Toolkits IPv6 attack tools like THC toolkit [3] and si6 [8] available fragment6 (THC) - duplicate fragments fake_router6 (THC) - become the default router rsmurf6 (THC) - remote smurf attack tool dos-new-ip6 (THC) - block new hosts from joining a network scan6 (si6) - intelligent scan approaches Sven Schindler (Potsdam University) HoneydV6 Frame 5 of 26 An IPv6 darknet experiment Outline 1 Introduction 2 An IPv6 darknet experiment 3 HoneydV6 - Development and Performance Measurements 4 Conclusion and Future work Sven Schindler (Potsdam University) HoneydV6 Frame 6 of 26 An IPv6 darknet experiment Prior darknet experiments Why another IPv6 Darknet
  • Annex Communications Server Network Administrator's Guide 166

    Annex Communications Server Network Administrator's Guide 166

    1\N"l:X COMMUNICATIONS SERVER Network Administrator's Guide )xy1og1ca] Copyright @ 1990 Xylogics, Inc. 166- 024- 000 Revision E November 1991 1\N-41:X COMMUNICATIONS SERVER Network Administrator's Guide 166-024-000 Revision E November 1991 Notice The information in this manual is subject to change without notice, and should not be construed as a commitment by Xylogics, Inc. Xylogics assumes no responsibility for any errors that may appear in this document. Annex, Annex II, Annex lie, Annexthree, and Annex 3 are trademarks of Xylogics, Inc. UNIX is a registered trademark of AT&T. Ethernet is a registered trademark of Xerox Corporation. IBM is a registered trademark of the International Business Machines Corporation. XENIX Is a trademark of Microsoft Corporation. LAT is a trademark of Digital Equipment Corporation. Postscript is a registered trademark of Adobe Systems Incorporated. Copyright© 1990 Xylogics, Inc. Printed in the USA. Contents Preface .................................................. xiii General . xiii Supported Version . xiv Printing Conventions . xiv Related Documents . xv Book A: Overview Chapter 1: Introduction to the Annex ....................... A-1 General . A-1 Annex Capabilities . A-2 Network Administrator (na) Utility . A-2 Command Line Interpreter (CLI) . A-3 Customizing the User Interface . A-3 Expedited Remote Procedure Call Daemon (erpcd) . A-3 Extensive Security System . A-3 Port Servers and Rotaries . A-4 UNIX Host-originated Connections.................................. A-5 Name Server Support . A-5 Network Management . A-6 Full Routing . A-6 Multi-protocol Support . A-7 Applications for the Annex . A-7 Connecting Terminals . A-7 Connecting Remote Hosts, Networks, and Annexes.................... A-8 Connecting PCs to the Network .
  • Ipsec Overhead in Wireline and Wireless Networks for Web and Email Applications

    Ipsec Overhead in Wireline and Wireless Networks for Web and Email Applications

    IPSec Overhead in Wireline and Wireless Networks for Web and Email Applications George C. Hadjichristofi Nathaniel J. Davis, IV Scott F. Midkiff Bradley Department of Electrical and Computer Engineering Virginia Polytechnic Institute and State University Blacksburg, Virginia 2406 1 USA Abstract inserted in a system model to calculate the overall This paper focuses on characterizing the overhead of speedup when compression was used in different types of IP Security (IPSec)for email and web applications using networks. The research did not involve deploying test a set of test bed configurations. The different beds for “live” experimental measurements. confligurations are implemented using both wireline and Chappell, et al. did additional work [2]. The purpose wireless netwrk links. ne testing considers different of their research was to determine the suitability of IPSec combinations of authentication algorithms and for a Multiple Level Security environment. The research authentication protocols. Authentication algorithms used an experimental version of IPSec that was not include Hashed Message Authentication Code-Message optimized for performance. A simple IPSec wireline test Digest 5 (HMAC-MD5) and Hashed Message bed was deployed and various measurements were made. Authentication Code-Secure Hash Algorithm 1 (HMAC- The research did not investigate the overhead of using SHAl). Authentication protocols include Encapsulating authentication and encryption and the IPSec Security Payload (ESP) and Authentication Header (AH) implementation used only DES for confidentiality. protocols. Triple Digital Enclyption Standard (3DEq is The results presented in this paper are derived from used for encryption. Overhead is examined for scenarios actual measurements taken on wired and wireless test using no enclyption and no authentication, authentication beds and provide an expanded testing environment when and no encryption, and authentication and enclyption.
  • Appendix a Protocol Filters

    Appendix a Protocol Filters

    APPENDIX A Protocol Filters The tables in this appendix list some of the protocols that you can filter on the access point. In each table, the Protocol column lists the protocol name, the Additional Identifier column lists other names for the same protocol, and the ISO Designator column lists the numeric designator for each protocol. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points A-1 Appendix A Protocol Filters Table A-1 EtherType Protocols Protocol Additional Identifier ISO Designator ARP — 0x0806 RARP — 0x8035 IP — 0x0800 Berkeley Trailer Negotiation — 0x1000 LAN Test — 0x0708 X.25 Level3 X.25 0x0805 Banyan — 0x0BAD CDP — 0x2000 DEC XNS XNS 0x6000 DEC MOP Dump/Load — 0x6001 DEC MOP MOP 0x6002 DEC LAT LAT 0x6004 Ethertalk — 0x809B Appletalk ARP Appletalk 0x80F3 AARP IPX 802.2 — 0x00E0 IPX 802.3 — 0x00FF Novell IPX (old) — 0x8137 Novell IPX (new) IPX 0x8138 EAPOL (old) — 0x8180 EAPOL (new) — 0x888E Telxon TXP TXP 0x8729 Aironet DDP DDP 0x872D Enet Config Test — 0x9000 NetBUI — 0xF0F0 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points A-2 Appendix A Protocol Filters Table A-2 IP Protocols Protocol Additional Identifier ISO Designator dummy — 0 Internet Control Message Protocol ICMP 1 Internet Group Management Protocol IGMP 2 Transmission Control Protocol TCP 6 Exterior Gateway Protocol EGP 8 PUP — 12 CHAOS — 16 User Datagram Protocol UDP 17 XNS-IDP IDP 22 ISO-TP4 TP4 29 ISO-CNLP CNLP 80 Banyan VINES VINES 83 Encapsulation Header encap_hdr 98 Spectralink Voice Protocol SVP 119 Spectralink raw