| Sorry for my late reply but I had a good excuse.
What we simply have is one decnis,two clients via gap (Alpha's)
We have 4 dte's and we want to restrict the incoming calls
to those numbers we allow.Outgoing calls are not restricted.
I have configured the decnis security via the configurator,
and we rebooted the decnis.But the security didn't work.
We rebooted one of the Alpha's and suddenly the security worked.
We rebooted again and now we had no security anymore.
So my question is,what triggers this mechanism?
Should I reboot all clients?
I can post the whole ncl script if you want,but it's rather long
so I post only the security part:
!
! DECNIS CONFIGURATION SCRIPT
! ===========================
!
! This script was produced on: Thu Apr 17 09:51:19 1997
! using the utility: SYS$MANAGER:NIS$DECNIS_CONFIG.COM V3.1
!
!
! To use this script on a DECNIS system, the script
! must be processed by the CMIP utility.
!
!
!
! This is an NCL script for the following DECnis
!
! Node: LOCAL:.NIS001
! MOP Client Name: NIS001
! Hardware Type: DECNIS-600
! Hardware Address: 08-00-2b-a5-dd-b0
!
!
!
! The tower set for the DECNIS
!
! {
! (
! [DNA_CMIP-MICE] ,
! [DNA_SessioncontrolV3, number=19],
! [DNA_NSP],
! [DNA_OSInetwork , 49::00-06:AA-00-04-00-57-1A:20 ]
! )
! }
!
! Create the Event Dispatcher
!
create event dispatcher
!
! Create and set up the Event Stream: event_nis001_saturn
!
create event dispatcher outbound stream event_nis001_saturn
set event dispatcher outbound stream event_nis001_saturn -
sink address -
{ -
( -
[ DNA_CMIP-MICE ] , [ DNA_SessionControlV2 ,Number = 82 -
], [ DNA_NSP ], -
[ DNA_OSInetwork , 49::00-06:AA-00-04-00-62-1A:20 ] ) -
}
======================deleted a lot =============================
!
! Create and set DTE: DTE-3-0
! and LAPB link: DTE-3-0
! using Line: W618-3-0
!
create lapb link DTE-3-0 profile "LUXPAC"
set lapb link DTE-3-0 physical line modem connect line W618-3-0 , -
maximum data size 261 , window size 3
!
!
! Create and set DTE: DTE-3-0
! using Line: W618-3-0
!
!
create x25 protocol dte DTE-3-0 profile "LUXPAC"
set x25 protocol dte DTE-3-0 link service provider lapb link DTE-3-0 , -
inbound dte class LUXPAC , x25 address 451213 , -
outgoing list {[1..16]} , minimum packet size 32 , -
maximum packet size 128 , default packet size 128 , -
minimum window size 1 , maximum window size 2 , default window size 2
!
! Create and set DTE: DTE-3-1
! and LAPB link: DTE-3-1
! using Line: W618-3-1
!
create lapb link DTE-3-1 profile "LUXPAC"
set lapb link DTE-3-1 physical line modem connect line W618-3-1 , -
maximum data size 261 , window size 3
!
! Create and set DTE: DTE-3-1
! using Line: W618-3-1
!
create x25 protocol dte DTE-3-1 profile "LUXPAC"
set x25 protocol dte DTE-3-1 link service provider lapb link DTE-3-1 , -
inbound dte class LUXPAC_2 , x25 address 451212 , -
outgoing list {[1..16]} , minimum packet size 32 , -
maximum packet size 128 , default packet size 128 , -
minimum window size 1 , maximum window size 2 , default window size 2
!
! Create and set DTE: DTE-3-2
! and LAPB link: DTE-3-2
! using Line: W618-3-2
!
create lapb link DTE-3-2 profile "LUXPAC"
set lapb link DTE-3-2 physical line modem connect line W618-3-2 , -
maximum data size 261 , window size 7
!
! Create and set DTE: DTE-3-2
! using Line: W618-3-2
!
create x25 protocol dte DTE-3-2 profile "LUXPAC"
set x25 protocol dte DTE-3-2 link service provider lapb link DTE-3-2 , -
inbound dte class INFONET_1 , x25 address 313723520283 , -
outgoing list {[1..32]} , minimum packet size 128 , -
maximum packet size 128 , default packet size 128 , -
minimum window size 2 , maximum window size 2 , default window size 2
!
! Create and set DTE: DTE-3-3
! and LAPB link: DTE-3-3
! using Line: W618-3-3
!
create lapb link DTE-3-3 profile "LUXPAC"
set lapb link DTE-3-3 physical line modem connect line W618-3-3 , -
maximum data size 261 , window size 7
!
! Create and set DTE: DTE-3-3
! using Line: W618-3-3
!
create x25 protocol dte DTE-3-3 profile "LUXPAC"
set x25 protocol dte DTE-3-3 link service provider lapb link DTE-3-3 , -
inbound dte class GLOBAL_ONE_1 , x25 address 153171862 , -
outgoing list {[1..16]} , minimum packet size 256 , -
maximum packet size 256 , default packet size 256 , -
minimum window size 2 , maximum window size 2 , default window size 2
!
! Create Local DTE Class: LUXPAC
!
create x25 access dte class LUXPAC type local
set x25 access dte class LUXPAC local dtes -
(DTE-3-0)
!
! Create Local DTE Class: DTE-3-0
!
create x25 access dte class DTE-3-0 type local
set x25 access dte class DTE-3-0 local dtes -
(DTE-3-0)
!
! Create Local DTE Class: LUXPAC_2
!
create x25 access dte class LUXPAC_2 type local
set x25 access dte class LUXPAC_2 local dtes -
(DTE-3-1)
!
! Create Local DTE Class: DTE-3-1
!
create x25 access dte class DTE-3-1 type local
set x25 access dte class DTE-3-1 local dtes -
(DTE-3-1)
!
! Create Local DTE Class: INFONET_1
!
create x25 access dte class INFONET_1 type local
set x25 access dte class INFONET_1 local dtes -
(DTE-3-2)
!
! Create Local DTE Class: DTE-3-2
!
create x25 access dte class DTE-3-2 type local
set x25 access dte class DTE-3-2 local dtes -
(DTE-3-2)
!
! Create Local DTE Class: GLOBAL_ONE_1
!
create x25 access dte class GLOBAL_ONE_1 type local
set x25 access dte class GLOBAL_ONE_1 local dtes -
(DTE-3-3)
!
! Create Local DTE Class: DTE-3-3
!
create x25 access dte class DTE-3-3 type local
set x25 access dte class DTE-3-3 local dtes -
(DTE-3-3)
!
create x25 access filter saturn
set x25 access filter saturn priority 1 , security filter saturn
create x25 access filter DUNE
set x25 access filter DUNE priority 1 , inbound dte class LUXPAC
create x25 access filter tethys
set x25 access filter tethys priority 1 , security filter tethys
!
!
! Create and set up CLIENTS
!
!
create x25 server client saturn
set x25 server client saturn node saturn
set x25 server client saturn filters -
(saturn)
create x25 server client DUNE
set x25 server client DUNE node dune
set x25 server client DUNE filters -
(DUNE)
create x25 server client tethys
set x25 server client tethys node tethys
set x25 server client tethys filters -
(tethys)
!
!
! Create Security filters
!
!
!
create x25 access security filter tethys
set x25 access security filter tethys -
acl ((identifier =( PSI$TETHYS_ALL -
), access = ALL),(identifier = ( PSI$TETHYS_REMOTE -
), access = REMOTE_CHARGE),(identifier = ( PSI$TETHYS_NONE -
), access = NONE))
create x25 access security filter saturn
set x25 access security filter saturn -
acl ((identifier =( PSI$SATURN_ALL -
), access = ALL),(identifier = ( PSI$SATURN_REMOTE -
), access = REMOTE_CHARGE),(identifier = ( PSI$SATURN_NONE -
), access = NONE))
!
!
! Create Remote DTEs
!
!
create x25 access security dte class default remote dte match_all -
remote address prefix *
set x25 access security dte class default remote dte match_all -
rights identifiers -
(PSI$SATURN_NONE,PSI$TETHYS_NONE)
set x25 access security dte class default remote dte match_all -
acl ((identifier = ( PSI$DUNE -
), access = ALL),(identifier = ( PSI$SATURN -
), access = ALL),(identifier = ( PSI$TETHYS -
), access = ALL),(identifier = (*), access = NONE))
!
!
create x25 access security dte class default remote dte remdte-0 -
remote address prefix 021352230054
set x25 access security dte class default remote dte remdte-0 -
rights identifiers -
(PSI$SATURN_ALL,PSI$TETHYS_ALL)
set x25 access security dte class default remote dte remdte-0 -
acl ((identifier = ( PSI$DUNE -
), access = ALL),(identifier = ( PSI$SATURN -
), access = ALL),(identifier = ( PSI$TETHYS -
), access = ALL),(identifier = (*), access = NONE))
create x25 access security dte class default remote dte remdte-1 -
remote address prefix 0505223453000
set x25 access security dte class default remote dte remdte-1 -
rights identifiers -
(PSI$SATURN_ALL,PSI$TETHYS_ALL)
set x25 access security dte class default remote dte remdte-1 -
acl ((identifier = ( PSI$DUNE -
), access = ALL),(identifier = ( PSI$SATURN -
), access = ALL),(identifier = ( PSI$TETHYS -
), access = ALL),(identifier = (*), access = NONE))
!
========================== deleted a lot ========================
! Create Security Nodes
!
!
!
create x25 server security nodes tethys
set x25 server security nodes tethys nodes { tethys }
set x25 server security nodes tethys rights identifiers { PSI$TETHYS }
create x25 server security nodes saturn
set x25 server security nodes saturn nodes { saturn }
set x25 server security nodes saturn rights identifiers { PSI$SATURN }
create x25 server security nodes dune
set x25 server security nodes dune nodes { dune }
set x25 server security nodes dune rights identifiers { PSI$DUNE }
!
!
! Create the Towers for Gateway Clients and Security Nodes
!
!
create session control known tower juliet towers -
{ -
( [ DNA_CMIP-MICE ] , [ DNA_SessionControlV2 ,Number = 25 -
], [ DNA_NSP ], -
[ DNA_OSInetwork , 49::00-06:AA-00-04-00-58-1A:20 ] ) -
}
create session control known tower saturn towers -
{ -
( [ DNA_CMIP-MICE ] , [ DNA_SessionControlV2 ,Number = 25 -
], [ DNA_NSP ], -
[ DNA_OSInetwork , 49::00-06:AA-00-04-00-62-1A:20 ] ) -
}
create session control known tower dune towers -
{ -
( [ DNA_CMIP-MICE ] , [ DNA_SessionControlV2 ,Number = 25 -
], [ DNA_NSP ], -
[ DNA_OSInetwork , 49::00-06:AA-00-04-00-02-18:20 ] ) -
}
create session control known tower tethys towers -
{ -
( [ DNA_CMIP-MICE ] , [ DNA_SessionControlV2 ,Number = 25 -
], [ DNA_NSP ], -
[ DNA_OSInetwork , 49::00-06:AA-00-04-00-6C-1A:20 ] ) -
}
!
!
|