Filter
Top Products
nodes except node 1.9 because these two nodes share the same physical network.
To configure the desired access control for this example, build an inclusive filter on
interface Eth/0 of router 1.19 as shown in the bottom of Figure 16
The first and second entries of the inclusive filter information shown in Figure 16
allow nodes 1.2 and 1.4 to send packets to node 1.13. The third entry allows any
node to send to node 1.9 (you are not trying to secure node 1.9).
To configure the example given for router 1.19, enter the following NCP commands
and parameters:
NCP> def mod access-cont circ eth/0 type inclusive
NCP> def mod access-cont circ eth/0 filter 1.2 63.1023 1.13 63.1023
NCP> def mod access-cont circ eth/0 filter 1.4 63.1023 1.13 63.1023
NCP> def mod access-cont circ eth/0 filter 0.0 0.0 1.9 63.1023
NCP> def mod access-cont circ eth/0 state on
Exclusive Access Control
Figure 17 on page 256 shows how exclusive access control isolates node 4.4 from
the rest of the campus.
Source
Result
Source
Mask
Destination
Result
Destination
Mask
Inclusive Filter Information
1.2
1.4
0.0
63.1023
63.1023
0.0
1.13
1.13
1.9
63.1023
63.1023
63.1023
1.2
1.13
1.20
1.9
1.19
1.22 1.231.4
Eth/0
PPP/0
Figure 16. Example of Inclusive Access Control
Using DNA IV
Chapter 7. Using DNA IV 255