:
1: 
IP 
=192.168.1.254/24 
IP 
= 192.168.1.1/24, 
(Intranet OK)
2: 
IP 
= 192.168.1.1/26, 
(
.1 - .63 
Internet)
3: 
IP 
= 192.168.1.1/24, 
(
.1 - .254 
Internet) 
4: 
, 
# 
1: .1 - .254 Intranet OK
create access_profile ip destination_ip_mask 255.255.255.0 source_ip_mask 255.255.255.0 profile_id 10 config access_profile profile_id 10 add access_id 11 ip destination_ip 192.168.1.254 source_ip 192.168.1.1 permit
# 
2: 
.1 - .63 
Internet
create access_profile ip source_ip_mask 255.255.255.192 profile_id 20
config access_profile profile_id 20 add access_id 21 ip source_ip 192.168.1.1 permit
# 
3: 
.1 - .254 
Internet
create access_profile ip source_ip_mask 255.255.255.0 profile_id 30
config access_profile profile_id 30 add access_id 31 ip source_ip 192.168.1.1 deny
# 
4: 
:
1.192.168.1.1 - 192.168.1.63 
Internet (
2), 
PC .64
-.253 (
1).
2.PC .64 - .253 
PC .1 - .253 (
1), 
Internet (
3).
: |
|
|
|
|
1: |
IP |
= 192.168.1.1/26, |
( |
.1 - .63 |
|
Internet) |
|
|
|
2: |
IP |
= 192.168.1.254/32, |
|
( |
|
) |
|
|
|
3: 
, 
# 
1: 
.1 - .63 
Internet
create access_profile ip source_ip_mask 255.255.255.192 profile_id 10 config access_profile profile_id 10 add access_id 10 ip source_ip 192.168.1.1 port 1 permit
# 
2: 
Internet
create access_profile ip destination_ip_mask 255.255.255.255 profile_id 20 config access_profile profile_id 20 add access_id 20 ip destination_ip 192.168.1.254 port 1 deny
# 
3: 
CERT (http://www.cert.org/), 
TCP/UDP
:
1. 
TCP 
135,139,445.
CLI:
create access_profile ip tcp dst_port_mask 0xFFFF deny profile_id 30 config access_profile profile_id 30 add access_id 1 ip tcp dst_port 135 config access_profile profile_id 30 add access_id 2 ip tcp dst_port 139 config access_profile profile_id 30 add access_id 3 ip tcp dst_port 445
2. 
UDP 
135,139,445
CLI:
create access_profile ip udp dst_port_mask 0xFFFF deny profile_id 40 config access_profile profile_id 40 add access_id 1 ip udp dst_port 135 config access_profile profile_id 40 add access_id 2 ip udp dst_port 139 config access_profile profile_id 40 add access_id 3 ip udp dst_port 445
DES-3526
C: DES-3526
– 
DSCP 
1p 
:
1 - 
dscp = 10 = 
802.1p = 3
2 – 
dscp = 20 = 
802.1p = 5
3 – 
dscp = 30 = 
802.1p = 7 
“802.1p User Priority”
.
SIP |
|
|
|
|
FTP- |
|
|
|
|
||
1 |
|
|
|
Web- |
|
|
|
|
|||
|
|
|
|
||
|
|
|
|
|
#1
PC11
#2
SIP 
2
PC21 PC22
config access_profile profile_id <value 1-6> ip { |
| source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value> | [ icmp | igmp |
| tcp { src_port <value 0-65535> | dst_port <value 0-65535> | flag [all | { urg | ack | psh | rst | syn | fin }] } |
| udp { src_port <value 0-65535> | dst_port <value 0-65535> } |
| protocol_id <value 0 - 255> { user_define <hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex |
0x0-0xffffffff><hex 0x0-0xffffffff>} ] } |
port <portlist> |
[ permit { priority <value 0-7> {replace_priority_with <value 0-7>} | replace_dscp_with <value 0-63>} |
| deny ]} |
config access_profile profile_id <value 1-6> ip { |
| source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value> | [ icmp | igmp |
| tcp { src_port <value 0-65535> | dst_port <value 0-65535> | flag [all | { urg | ack | psh | rst | syn | fin }] } |
| udp { src_port <value 0-65535> | dst_port <value 0-65535> } |
| protocol_id <value 0 - 255> { user_define <hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex |
0x0-0xffffffff><hex 0x0-0xffffffff>} ] } |
port <portlist> |
[ permit { priority <value 0-7> {replace_priority_with <value 0-7>} | replace_dscp_with <value 0-63> | |
rx_rate [ no_limit | <value 1-156249>] } |
| deny ]} |