The provisioning example in this section applies to both Gateway Screening and MSU Tracing. However, if you want to provision the system for only MSU Tracing, make sure to set Screening Test Mode to ENABLED in the Web UI (see Screening Table Features). Any other differences between the two application are clearly indicated in the section.
In mated pair configurations, both STPs must be configured for GWST separately.
Before you start gateway screening or MSU tracing provisioning, make sure that the system-wide attributes are defined as required for your network configuration. For more information, see Configuring GWST Configuration.
The following figure shows a typical network for the example in this section.
Typical Network to Illustrate Gateway Screening or MSU Tracing Provisioning
The provisioning criteria is as follows:
- Block all user traffic from 110.3.*
- Block all user traffic with SI=5 from 110.2.2 to all DPCs
- Allow user traffic with SI=3 from 110.2.2 to 200.1.1
The GWST tables must be provisioned as follows in the order indicated (see the following table).
GWST Tables to be Provisioned for the Example in this Section
Table | EPR | Criteria | Next Screening Step |
---|
Allowed DPC | 1 | PC=200.1.1 | STOP |
Allowed SIO | 1 | SI=0&&2 | STOP |
| SI=3 | Allowed DPC (EPR1) |
| SI=5 | FAIL |
Allowed OPC | 1 | PC=110.3.* | FAIL |
| PC=110.2.2 | Allowed SIO (EPR1) |
Incoming Linkset | 1 (NA) | PC=110.1.1 | Allowed OPC (EPR1) |
PC=110.1.2 | Allowed OPC (EPR1) |
The following procedures must be completed in the order indicated to meet the provisioning criteria for the network illustrated in Figure Typical Network to Illustrate Gateway Screening or MSU Tracing Provisioning.
- From the Main Menu, click GWS and MSU Tracing.
- Click GWST Tables.
- Click Allowed DPCs.
- Click Create Allowed DPC.
- Configure the required attributes.
- Click Continue.
- From the Main Menu, click GWS and MSU Tracing.
- Click GWST Tables.
- Click Allowed SIOs.
Click Create Allowed SIO.
Tip
You must allow SLT (SI=1 or SI=2) and mgmt (SI=0) messages or else the link bounces.
- Do the following:
- In the EPR text box, enter 1.
- In the SI Range text box, enter 3.
- In the NI drop-down list, select NI_10.
- In the PRI Range text box, enter *.
- Click Create.
- Click Create Allowed SIO again.
- Do the following:
- In the EPR text box, enter 1.
- In the SI Range text box, enter 5.
- In the NI drop-down list, select NI_10.
- In the PRI Range text box, enter *.
- Click Create.
- Click Create Allowed SIO again.
- Do the following:
- In the EPR text box, enter 1.
- In the SI Range text box, enter 0&&2.
- In the NI drop-down list, select NI_10.
- In the PRI Range text box, enter *.
- Click Create and then Continue.
To link the Allowed SIO table with the Allowed DPC table (All traffic with SI=3 to DPC 200.1.1 allowed)
- From the Main Menu, click GWS and MSU Tracing.
- Click GWST Tables.
- Click Allowed SIOs.
- Click Continue.
- Click EPR with SI Range = 3.
- Do the following:
- In the Next Table drop-down list, select Allowed DPCs.
- In the Next EPR text box, enter 1.
- Click Continue.
To trace MSUs in Allowed SIO SI 3
- From the Main Menu, click MSU Tracing.
- Click GWST Tables.
- Click Allowed SIOs.
- Click EPR with SI Range = 3.
- Click Allowed SIO Features.
- Using the MSU Tracing drop-down list, select ENABLED.
- Click Continue. You are prompted to confirm the selected action.
- Click Continue.
To fail all traffic with SI=5 to all destinations from 110.2.2
- From the Main Menu, click GWS and MSU Tracing.
- Click GWST Tables.
- Click Allowed SIOs.
- Click EPR with SI Range = 5.
- In the Next EPR text box, enter FAIL to block all traffic with SI=5.
- Click Continue.
To trace MSUs in Allowed SIO SI 5
- From the Main Menu, click MSU Tracing.
- Click GWST Tables.
- Click Allowed SIOs.
- Click EPR with SI Range = 5.
- Click Allowed SIOs Features.
- Using the MSU Tracing drop-down list, select ENABLED.
- Click Continue.
To link the Allowed OPC with Allowed SIO table
- From the Main Menu, click GWS and MSU Tracing.
- Click GWST Tables.
- Click Allowed OPCs.
- Click Create Allowed OPC.
- Do the following:
- In the EPR text box, enter 1.
- In the PC Range text box, enter 110.2.2.
- Click Continue.
- Select the record you just created.
- Do the following:
- In the Next Table drop-down list, select Allowed SIOs.
- In the Next EPR text box, enter 1.
- Click Continue.
To block all traffic from OPC 110.3.*
- From the Main Menu, click GWS and MSU Tracing.
- Click GWST Tables.
- Click Allowed OPCs.
- Click Create Allowed OPC.
- Do the following:
- In the EPR text box, enter 1.
- In the PC Range text box, enter 110.3.*.
- Click Continue.
- Select the record that you just created.
- Change Next EPR to FAIL.
- Click Continue.
To trace MSUs in Allowed OPC 110.5*
- From the Main Menu, click MSU Tracing.
- Click GWST Tables.
- Click Allowed OPCs.
- Click EPR with PC Range = 110.3*
- Click Allowed OPC Features.
- Using the MSU Tracing drop-down list, select ENABLED.
- Click Continue.
To link the Incoming Linkset with the Allowed OPC table
- From the Main Menu, click GWS and MSU Tracing.
- Click GWST Tables.
- Click Incoming Linksets.
- Click Create Incoming Linkset.
- Do the following:
- In the NA text box, enter 1.
- In the Point Code text box, enter 110.1.1.
- Click Continue.
- Select the record that you just created.
- Do the following:
- Using the Next Table drop-down list, select Allowed SIOs.
- In the Next EPR text box, enter 1.
- Click Continue.
Repeat the procedure for Incoming Linkset 100.1.2.