Satellite Internet Forum.


Creating ACL (access control list)

Ex Member
Apr 23rd, 2008 at 4:36am  
I ran a search for creating ACLs on the iDirect modem but came up with nothing. If I missed it, please someone post a link.

This is a pretty simple and basic question (at least I believe it is). Creating a MAC ACL on iDirect... How do I do it? Can it be done? Or is the only possible way to do it with static IPs?

Any help would be appreciated. Thanks!

EDIT: I understand it would be pretty simple with a Cisco router inline, but I'd like to try and do it straight from the iDirect modem... Thanks again
« Last Edit: Apr 23rd, 2008 at 8:57am by N/A »  
 
Ex Member
Reply #1 - Apr 23rd, 2008 at 11:57am  
I have never done it, and to be honest I am not sure it can be done.  I will nose around and see what I can find out.
 
Ex Member
Reply #2 - Apr 23rd, 2008 at 12:43pm  
I was hoping you weren't gonna say that:)  Haha... I searched a bit and came up with nothing.  The closest thing to anything remotely promising was this link here. 

http://arcusnet.com/UserFiles/Image/Files/Efficiencies_of_iDirect_Technology.pdf

It just briefly touches base on it.  Hope to hear good news and thanks for the help Mike...
 
Ex Member
Reply #3 - Apr 24th, 2008 at 12:12pm  
ACLs on the iDirect platform have to be configured in the filter setup. This is done in iBuilder from the hub location under the QoS folder. You can filter out just about anything you like, from protocols, to ports, to IP addresses or ranges of all the above; you can create multiple rules per filter and apply this to the remote.
It's not a strictly Cisco implementation of ACL, top down and last matching rule is Deny all type affair, but it can be configured to give a pretty good ACL.
 
Ex Member
Reply #4 - Apr 25th, 2008 at 10:05am  
Thanks Scout!

Now you said pretty much anything... I'm assuming this includes MACs.

I haven't had the privy of using iBuilder so I'm not too familiar with it... I'll try to talk to the NOC about this...

Great info!!!

I can't alter this in the option file? The NOC has to have this in their configs?

EDIT: I had the NOC send me a screenshot of the QoS folder from iBuilder. It looks pretty basic... (filter DNS, filter FTP, filter SSH, filter Mail) unless you have more options when you click the details button.
« Last Edit: Apr 25th, 2008 at 3:44pm by N/A »  
 
Ex Member
Reply #5 - Apr 26th, 2008 at 12:58pm  
Scout is right. It didn't even cross my mind that you can use the filter rules. I don't use them, therefore I didn't even think about it.

 
Ex Member
Reply #6 - Apr 29th, 2008 at 4:39pm  
You can filter on Source IP, Destination IP, Source and Destination Ports (IP and Ports can be hosts or ranges, and can be equal to or not equal to), VLAN ranges, Protocol (of which there are around 130 listed in the standard configuration box), DSCP, TOS and Precedence. All of these can be Allow or Deny statements, and you can have any mixture of the above, as individual rules in an ACL, or combined to make very specific rules and then combined with more in the ACL. iDirect really have got a gem hidden here that not many people use, as it is typically done at the hub with a Cisco and ACL there.

You do have to have this configured by the hub team, but then if you tell them what you need to have blocked/allowed I am sure they can assist.