Title: | DEC Network Integration Server (DECNIS) |
Notice: | Please read note 1 to use this conference effectively |
Moderator: | MARVIN::WELCH |
|
Created: | Wed Sep 18 1991 |
Last Modified: | Thu Jun 05 1997 |
Last Successful Update: | Fri Jun 06 1997 |
Number of topics: | 3660 |
Total number of notes: | 15082 |
Hi,
I have some questions about setting up a DECnis (V4.0) for X.25 security. Could
someone advise whether the following NCL will work for this setup:
Customer will have a DECnis (V4.0) to provide incoming X.25 security
where there will be 3 dtes (dte1, dte2 and dte3) connected to DECnis,
on the LAN, there are 3 systems (nodea, nodeb and nodec).
Nodea and Nodeb can receive incoming X.25 calls on dte1 and dte2 from
several remote DTEs (e.g. 123456, etc.). Nodec can receive
and send calls to/from any remote DTE (no security at all).
Will the NCL script below do what the customer wants?
Thanks for any comment/help!
Andrew Chiu - NSIS Sydney
!
! 1) Create and set up X25 Access FILTERS
!
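! Each "set" must name the filter created on the line before it. The
! clients in section 2 listen on nodea_dte1, nodea_dte2, nodeb_dte1 and
! nodeb_dte2, so those are the four names that have to be created AND
! configured here; a filter that is created but never set (or set but
! never created) leaves that path to the node unconfigured.
!
! The security filter on each access filter is the ACL an incoming call
! is checked against (section 3). It is set to the filter of the node the
! call is delivered to, so nodea traffic is judged by nodea's ACL and
! nodeb traffic by nodeb's -- assumed intent, confirm against the
! customer's requirement.
!
! nodea: subaddress 02, reachable through dte1 and dte2
create x25 access filter nodea_dte1
set x25 access filter nodea_dte1 priority 1 , subaddress range [[02..02]] , -
inbound dte class dte1 , security filter nodea
create x25 access filter nodea_dte2
set x25 access filter nodea_dte2 priority 1 , subaddress range [[02..02]] , -
inbound dte class dte2 , security filter nodea
!
! nodeb: subaddress 03, reachable through dte1 and dte2
create x25 access filter nodeb_dte1
set x25 access filter nodeb_dte1 priority 1 , subaddress range [[03..03]] , -
inbound dte class dte1 , security filter nodeb
create x25 access filter nodeb_dte2
set x25 access filter nodeb_dte2 priority 1 , subaddress range [[03..03]] , -
inbound dte class dte2 , security filter nodeb
!
! nodec: subaddress 11 on dte3 only, checked by the open security filter
create x25 access filter nodec
set x25 access filter nodec priority 1 , subaddress range [[11..11]] , -
inbound dte class dte3 , security filter nodec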
!
! 2) Create and set up CLIENTS
!
! One client per LAN node: calls matched by any filter in the "filters"
! list are handed to the node named by "node".
! Every name in a "filters" list has to be an x25 access filter that
! section 1 both creates and configures -- check that the names agree.
create x25 server client nodea
set x25 server client nodea filters (nodea_dte1, nodea_dte2) , node nodea
create x25 server client nodeb
set x25 server client nodeb filters (nodeb_dte1, nodeb_dte2) , node nodeb
! nodec has a single filter (dte3 only in section 1).
create x25 server client nodec
set x25 server client nodec filters (nodec) , node nodec
!
!
! 3) Create Security filters
!
! Each security filter carries an ACL that maps a rights identifier to an
! access level (ALL, REMOTE_CHARGE or NONE). The identifiers used here are
! the ones handed to remote DTEs in section 4.
! NOTE(review): presumably REMOTE_CHARGE admits only calls the caller pays
! for and ALL also admits reverse-charged calls -- confirm in the DECnis
! X.25 security documentation.
!
! Fallback filter, keyed on the PSI$DEFAULT_* identifiers.
create x25 access security filter DEFAULT
set x25 access security filter DEFAULT -
acl ((identifier =( PSI$DEFAULT_ALL -
), access = ALL),(identifier = ( PSI$DEFAULT_REMOTE -
), access = REMOTE_CHARGE),(identifier = ( PSI$DEFAULT_NONE -
), access = NONE))
! nodea: access depends on which PSI$nodea_* identifier the caller holds.
create x25 access security filter nodea
set x25 access security filter nodea acl ((identifier =( PSI$nodea_ALL -
), access = ALL),(identifier = ( PSI$nodea_REMOTE -
), access = REMOTE_CHARGE),(identifier = ( PSI$nodea_NONE -
), access = NONE))
! nodeb: same scheme with the PSI$nodeb_* identifiers.
create x25 access security filter nodeb
set x25 access security filter nodeb -
acl ((identifier =( PSI$nodeb_ALL -
), access = ALL),(identifier = ( PSI$nodeb_REMOTE -
), access = REMOTE_CHARGE),(identifier = ( PSI$nodeb_NONE -
), access = NONE))
! nodec: the wildcard entry gives every caller access ALL, i.e. no
! incoming restriction at all. If nodec should be open but not accept
! reverse-charged calls, REMOTE_CHARGE would be the narrower level --
! confirm what "no security" is meant to include.
create x25 access security filter nodec
set x25 access security filter nodec -
acl ((identifier =(* -
), access = ALL))
!
! 4) Create Remote DTEs
!
! Catch-all entry: prefix * matches any remote address that has no more
! specific entry. It holds only the *_NONE identifiers, which the DEFAULT,
! nodea and nodeb security filters in section 3 map to access NONE, so an
! unlisted caller is refused by those three filters (default deny).
create x25 access security dte class default remote dte match_all -
remote address prefix *
set x25 access security dte class default remote dte match_all -
rights identifiers (PSI$DEFAULT_NONE,PSI$nodea_NONE,PSI$nodeb_NONE)
! NOTE(review): the ACL on a remote DTE looks like the outgoing-call check;
! its identifiers are the ones given to the security nodes in section 5.
! As written, nodea and nodeb get ALL towards every remote address. If
! they are meant to receive calls only, drop PSI$nodea / PSI$nodeb from
! this ACL -- confirm the outgoing requirement with the customer.
set x25 access security dte class default remote dte match_all -
acl ((identifier = ( PSI$nodea -
), access = ALL),(identifier = ( PSI$nodeb -
), access = ALL),(identifier = ( PSI$OPEN_SECURITY -
), access = ALL),(identifier = (*), access = NONE))
!
!
! Permitted caller: holds the *_REMOTE identifiers, which section 3 maps
! to access REMOTE_CHARGE. The match is on an address PREFIX, so any
! remote address that begins with 123456 is treated as this DTE.
create x25 access security dte class default remote dte remdte-0 -
remote address prefix 123456
set x25 access security dte class default remote dte remdte-0 -
rights identifiers (PSI$DEFAULT_REMOTE,PSI$nodea_REMOTE,PSI$nodeb_REMOTE)
set x25 access security dte class default remote dte remdte-0 -
acl ((identifier = ( PSI$nodea -
), access = ALL),(identifier = ( PSI$nodeb -
), access = ALL),(identifier = ( PSI$OPEN_SECURITY -
), access = ALL),(identifier = (*), access = NONE))
!
! add all other remote dtes to be checked here ...
!
!
! 5) Create Security Nodes
!
! Gives each LAN node the rights identifier that the remote DTE ACLs in
! section 4 test: PSI$nodea, PSI$nodeb and PSI$OPEN_SECURITY.
! NOTE(review): presumably this is what authorises a node's outgoing
! calls -- confirm against the DECnis documentation.
create x25 server security nodes nodea
set x25 server security nodes nodea nodes { nodea }
set x25 server security nodes nodea rights identifiers { PSI$nodea }
create x25 server security nodes nodeb
set x25 server security nodes nodeb nodes { nodeb }
set x25 server security nodes nodeb rights identifiers { PSI$nodeb }
! nodec holds PSI$OPEN_SECURITY, which every remote DTE ACL in section 4
! maps to access ALL.
create x25 server security nodes nodec
set x25 server security nodes nodec nodes { nodec }
set x25 server security nodes nodec rights identifiers { PSI$OPEN_SECURITY}
!
! 6) Create session control towers
!
! One known tower per LAN node. The three entries are identical except
! for the DNA$ProtID$RoutingV3 address.
! NOTE(review): presumably that value is the node's own network address;
! verify each one against the real node, since a wrong address here would
! point a client name at a different system than its filters were
! written for.
create session control known tower nodea towers -
{ -
{ -
{%X0113}, -
{DNA$ProtID$SessCtlV2 Number = 25 }, -
{dna$protid$nsp}, -
{DNA$ProtID$RoutingV3 49::00-02:AA-00-04-00-02-08:20 } -
} -
}
create session control known tower nodeb towers -
{ -
{ -
{%X0113}, -
{DNA$ProtID$SessCtlV2 Number = 25 }, -
{dna$protid$nsp}, -
{DNA$ProtID$RoutingV3 49::00-02:AA-00-04-00-01-08:20 } -
} -
}
create session control known tower nodec towers -
{ -
{ -
{%X0113}, -
{DNA$ProtID$SessCtlV2 Number = 25 }, -
{dna$protid$nsp}, -
{DNA$ProtID$RoutingV3 49::00-02:AA-00-04-00-04-08:20 } -
} -
}
!
! end of extra ncl script for X.25 security
!