FEC Onlineservices
 
Configuration of Acces-Lists and Filters
How to configure an access-list successfully

Overview
[1] How to configure an access-list, Scenario
How to configure an access-list
There may be the risk of getting locked out of the system. If the configuration will be done according to the following description, no problems should appear.

For the first step, the existing  Access Rules for all interfaces will be deactivated. Connect to the Bintec router via Telnet or any different terminal programm and go to Interfaces in  the submenu Security  - Access Lists.


X1200 II Setup Tool                                 BinTec Access Networks GmbH
[SECURITY][ACCESS]: IP Access Lists                                    x1200_II
_______________________________________________________________________________

 
 
 

                                Filter
                                Rules
                                Interfaces

                                EXIT

 

 

_______________________________________________________________________________
Press <Ctrl-n>, <Ctrl-p> to scroll through menu items, <Return> to enter
After choosing Interfaces, please deactivate the access-lists on all interfaces. Then you need to set the "Firtst Rule" to "none" and exit the menu with SAVE. Now all Filters have been deactivated and configuration changes can be performed without the danger of getting locked out of the system.

X1200 II Setup Tool                                 BinTec Access Networks GmbH
[SECURITY][ACCESS][INTERFACES]: Configure First Rules                  x1200_II
_______________________________________________________________________________


  Configure first rules for interfaces

  Interface       First Rule             First Filter
  en1-0           0   (no access rules)
  en1-0-snap      0   (no access rules)
  en3-0           0   (no access rules)
  en3-0-snap      0   (no access rules)


  EXIT


_______________________________________________________________________________
Press <Ctrl-n>, <Ctrl-p> to scroll, <Return> to select/edit
X1200 II Setup Tool                                 BinTec Access Networks GmbH
[SECURITY][ACCESS][INTERFACES][EDIT]                                   x1200_II
_______________________________________________________________________________

 


     Interface                en1-0
     First Rule               none

     Deny Silent              no
     Reporting Method         info

 


                    SAVE                               CANCEL
_______________________________________________________________________________
Use <Space> to select
Scenario
We act on the assumption that there is a Windows environment and the Bintec Router is used as the internet gateway.  If the router establishes a connection to the internet unintentionally, the reason might be that the router has received a DNS request from the LAN and forwarded it to the internet. A DNS request is an enquiry to the Internet Service Provider (ISP) to get the IP address of a certain server name. If  the ISP is not able to resolve the DNS request, the internet connection is needless and costs money. To avoid this some filters have to be generated.

2013 bintec elmeg GmbH