Support User Manuals

D-Link DES-7200 Refrigerator User Manual

Open as PDF

of 1968

DES-7200 Configuration Guide Chapter 1 Access Control List

Configuration

1-37

2. DHCP packets (UDP port number being 67/68) are allowed to pass through

without authentication, so that the user PC can acquire the IP address in order to

proceed with authentication.

1.12.3.3 Configuration Tips

Configure ACL80 or expert ACL on the access device (SwitchB/SwitchC) and

combine the feature of secure tunnel to permit certain packets without authentication.

In this case, ACL80 is configured on SwitchB and expert ACL is configured on

SwitchC.

1.12.3.4 Configuration Steps

SwitchB

☞

Configuration

Guide

The customized ACL allows the user to define 64 bytes out

of the first 80 bytes of packets to perform per-bit matching

and filtering. The user-defined string will be compared with

the string extracted from packet (1 means match and 0

means no match), so as to determine further action.

Step 1: Configure the customized ACL

SwitchB#configure terminal

! Create a customized ACL named "tongdao"

SwitchB(config)#expert access-list advanced tongdao

! Permit all ARP packets (protocol number being 0800, offset being 24) with source IP

(the offset in the source IP of ARP packets is 40) falling within the network segment of

172.18.0.0 (hexadecimal value being ac12)

SwitchB(config-exp-dacl)#permit 0806 ffff 24 ac12 ffff 40

! Permit all IP packets (protocol number being 0800, offset being 24) with source IP

(the offset in the source IP of IP packets is 38) falling within the network segment of

172.18.0.0 (hexadecimal value being ac12)

SwitchB(config-exp-dacl)#permit 0800 ffff 24 ac12 ffff 38

! Permit DHCP packets with UDP port being 67 (Bootstrap Protocol Server) and 68

(Bootstrap Protocol Client) (offset in protocol number being 35; hexadecimal value of

11 to indicate UDP; offset in port being 46; hexadecimal value of 43/44 corresponding

to 67 and 68).

SwitchB(config-exp-dacl)# permit 11 ff 35 00440043 ffffffff 46

SwitchB(config-exp-dacl)#exit

Step 2: Globally configure the ACL for secure tunnel application

! Configure ACL "tongdao" for secure tunnel application

SwitchB(config)# security global access-group tongdao

previous next