Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!swrinde!ucsd!hub.ucsb.edu!aks@hub.ucsb.edu
From: aks@somewhere.ucsb.edu (Alan Stebbens)
Newsgroups: comp.sys.proteon
Subject: P4200 IP Router & access-control
Keywords: FILTERING IP ADDRESSES ON PROTEON P4200
Message-ID: <6360@hub.ucsb.edu>
Date: 26 Sep 90 21:37:44 GMT
Sender: news@hub.ucsb.edu
Organization: CCSE, Univ. of CA, Santa Barbara
Lines: 36

We have a P4200 with IP routing, and we are trying to set up a selective filter using the "access-control" feature, where except for a few, special IP addresses, IP traffic to or from any systems on a small range of subnets is suppressed.

This can be done using access lists on cisco routers, with their combination of "permit" and "deny" keywords on each list. We cannot figure out how to do this on the P4200, using either the "inclusive" or "exclusive" modes.

To make this clear: we want to limit access of systems on two subnets to just a few machines in another subnet. For example: we have systems on subnets 128.111.1.0 and 128.111.2.0 which we want to restrict access to those systems only coming from 128.111.3.0 (not the real subnet numbers). In other words, access from any other network, or any other subnets within our own network is to be denied to the systems on our subnets 1 and 2.

Try to construct an "exclusive" access-control list which does this (hint: it's possible, but incredibly complicated, and requires enumeration of all networks above 128.111.0.0).

Is there any plan to enhance the access-control feature to allow both "permit" and "deny" style address filters?

Is V8.1a the latest version?

Should we punt and buy cisco?

Alan Stebbens
Computer Resource Manager
Center for Computational Sciences and Engineering (CCSE)
University of California, Santa Barbara
3111 Engineering I
Santa Barbara, CA 93106

Internet: aks@hub.ucsb.edu
BITNET: aks%hub@ucsbuxa.bitnet
UUCP: ...{ucbvax,sdcsvax,cepu}!ucsbcsl!aks
Voice: (805) 893-8135 (CCSE Office: 893-3221)
--
Alan Stebbens
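
An added illustration, not part of the original post and not Proteon or cisco configuration syntax: a first-match permit/deny evaluator in Python applied to the example subnets in the post, showing how an ordered list with both keywords expresses the requested policy. The /24 masks, the rule ordering, the explicit return-traffic permits, and the sample flows are assumptions.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def rule(action, src, dst):
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst))

ANY = "0.0.0.0/0"
# Example subnets from the post; the /24 masks are an assumption.
PROTECTED = ["128.111.1.0/24", "128.111.2.0/24"]
TRUSTED = "128.111.3.0/24"

def build_policy():
    """Ordered list: specific permits first, then denies, then a catch-all."""
    rules = []
    for net in PROTECTED:
        rules.append(rule("permit", TRUSTED, net))   # trusted -> protected
        rules.append(rule("permit", net, TRUSTED))   # replies back to trusted
    for net in PROTECTED:
        rules.append(rule("deny", ANY, net))         # everyone else -> protected
        rules.append(rule("deny", net, ANY))         # protected -> everyone else
    rules.append(rule("permit", ANY, ANY))           # unrelated traffic untouched
    return rules

def evaluate(rules, src, dst):
    """Return the action of the first rule matching (src, dst); deny if none."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst:
            return r.action
    return "deny"

if __name__ == "__main__":
    policy = build_policy()
    # Constructed sample flows (addresses are illustrative only).
    for src, dst in [("128.111.3.20", "128.111.1.10"),
                     ("128.111.4.5", "128.111.1.10"),
                     ("192.0.2.1", "128.111.2.7"),
                     ("128.111.4.5", "128.111.5.5")]:
        print(f"{src:>14} -> {dst:<14} {evaluate(policy, src, dst)}")
```

Because evaluation stops at the first match, the permits for 128.111.3.0 must precede the denies; reversing the list puts the catch-all permit first and lets every flow through.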