Example of inclusive access control, Exclusive access control – IBM SC30-3865-04 User Manual

nodes except node 1.9 because these two nodes share the same physical network.
To configure the desired access control for this example, build an inclusive filter on
interface Eth/0 of router 1.19 as shown in the bottom of Figure 16

The first and second entries of the inclusive filter information shown in Figure 16

allow nodes 1.2 and 1.4 to send packets to node 1.13. The third entry allows any

node to send to node 1.9 (you are not trying to secure node 1.9).

To configure the example given for router 1.19, enter the following NCP commands
and parameters:

NCP> def mod access-cont circ eth/0 type inclusive

NCP> def mod access-cont circ eth/0 filter 1.2 63.1023 1.13 63.1023

NCP> def mod access-cont circ eth/0 filter 1.4 63.1023 1.13 63.1023

NCP> def mod access-cont circ eth/0 filter 0.0 0.0 1.9 63.1023

NCP> def mod access-cont circ eth/0 state on

Exclusive Access Control

Figure 17 on page 256 shows how exclusive access control isolates node 4.4 from
the rest of the campus.

Source
Result

Source
Mask

Destination
Result

Destination
Mask

Inclusive Filter Information

1.2
1.4
0.0

63.1023
63.1023
0.0

1.13
1.13
1.9

63.1023
63.1023
63.1023

1.2

1.13

1.20

1.9

1.19

1.22

1.23

1.4

Eth/0

PPP/0

Figure 16. Example of Inclusive Access Control

Using DNA IV

Chapter 7. Using DNA IV

255