

Port-to-application mapping (PAM) enables you to customize the TCP or UDP port numbers that CBAC associates with network services or applications. PAM uses this information to support network environments that run services on ports that differ from the registered or well-known ports associated with an application; in other words, PAM enables CBAC-supported applications to run on nonstandard ports. Using PAM, network administrators can customize access control for specific applications and services to meet the distinct needs of their networks. PAM also supports host- or subnet-specific port mapping, which enables you to apply a mapping to a single host or subnet. Host- or subnet-specific port mapping is done using standard IP ACLs.

The PAM table provides three types of mapping information, each of which is discussed in more detail in the following sections:

■ System-Defined Port Mapping
■ User-Defined Port Mapping
■ Host-Specific Port Mapping

System-Defined Port Mapping

By default, a table of system-defined mapping entries using the well-known or registered ports is created. The system-defined entries comprise all the services supported by CBAC, which requires the system-defined mapping information to function properly. The system-defined mapping information cannot be deleted or changed globally; that is, you cannot map SMTP services to port 21 (FTP) or FTP services to port 80 (HTTP). Table 13-2 lists the default system-defined services and applications in the PAM table.

Table 13-2 Default System-Defined Services and Applications in the PAM Table
H.323 Protocol (for example, Microsoft NetMeeting, Intel Video Phone)
(This table has been reproduced by Cisco Press with the permission of Cisco Systems Inc. All Rights Reserved.)

User-Defined Port Mapping

Network services or applications that use nonstandard ports require user-defined entries in the PAM table. For example, your network might run telnet services on the nonstandard port 9000 rather than on the system-defined default port (port 23). In this case, you can use PAM to map port 9000 to telnet services. If telnet services also run on other ports, use PAM to create an additional port-mapping entry for each of them. User-defined port mapping information can also cover a range of ports for an application by establishing a separate entry in the PAM table for each port number in the range. After you define a user-defined port mapping, you can overwrite that entry at a later time simply by mapping that specific port to a different application.

Host-Specific Port Mapping

In some environments, it might be necessary to override the default port-mapping information for a specific host or subnet. With host-specific port mapping, you can use the same port number for different services on different hosts. This means that you can map port 8080 to HTTP services for one host while mapping port 8080 to telnet services for another host. Host-specific port mapping also enables you to apply PAM to a specific subnet when that subnet runs a service on a port number that differs from the port number defined in the default mapping information. For example, hosts on subnet 10.100.10.11 might run HTTP services on nonstandard port 8080, whereas other traffic through the firewall uses the default port for HTTP services, which is port 80. Unlike a global user-defined entry, host-specific port mapping enables you to override a system-defined entry in the PAM table. If CBAC finds an entry in the PAM table that maps port 21 (the system-defined port for FTP) to SMTP for a specific host, for example, CBAC identifies port 21 traffic to that host as SMTP protocol traffic and inspects it accordingly. To configure PAM, use the ip port-map command. Use the list option to associate the port mapping with the specific hosts permitted by a standard ACL; without the list option the mapping applies to all hosts.
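The following Python model is an added example, not Cisco IOS code and not from the book. It parses a constructed configuration fragment written in the IOS syntax ip port-map application-name port port-number [list acl-number], together with standard access-list lines, and resolves which application CBAC would assign to traffic to a given host and port, so the interaction of system-defined, user-defined and host-specific entries can be exercised offline. The class and function names (PamTable, parse_config, classify), the small subset of system-defined ports, and the first-match rule between overlapping host-specific entries are assumptions of this model.

```python
"""Model of the CBAC PAM table (added example; not Cisco IOS code).

Parses constructed IOS-style lines of the form
    access-list <num> permit {host A.B.C.D | A.B.C.D wildcard | any}
    ip port-map <application> port <port> [list <acl>]
and resolves which application CBAC would inspect traffic to host:port as.
"""
import ipaddress

# Subset of the system-defined entries (well-known ports); the full list is
# Table 13-2. Constructed for this example.
SYSTEM_DEFINED = {"ftp": 21, "telnet": 23, "smtp": 25, "http": 80}


class PamError(ValueError):
    """Raised for mappings IOS rejects, e.g. a global remap of a system port."""


def wildcard_to_network(addr, wildcard):
    """Convert an IOS address/wildcard pair to an IPv4Network.

    Only contiguous wildcards (plain subnets) are accepted; that is what
    host-specific PAM is documented with.
    """
    wild = int(ipaddress.IPv4Address(wildcard))
    mask = ~wild & 0xFFFFFFFF
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise PamError(f"non-contiguous wildcard {wildcard} not supported")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


class PamTable:
    def __init__(self):
        # Global entries: port -> application (system-defined plus user-defined)
        self.global_map = {port: app for app, port in SYSTEM_DEFINED.items()}
        self.system_ports = set(SYSTEM_DEFINED.values())
        # Standard ACLs: number -> permitted networks
        self.acls = {}
        # Host-specific entries as (acl, port, application), in config order
        self.host_specific = []

    def add_acl_permit(self, number, network):
        self.acls.setdefault(number, []).append(network)

    def port_map(self, app, port, acl=None):
        if acl is None:
            # A global entry may not change a system-defined mapping ...
            if port in self.system_ports and self.global_map[port] != app:
                raise PamError(f"port {port} is system-defined as {self.global_map[port]}")
            # ... but a user-defined entry is simply overwritten by a later one.
            self.global_map[port] = app
        else:
            # With `list`, even a system-defined port may be remapped for the
            # hosts the ACL permits (e.g. port 21 as SMTP on one host).
            self.host_specific.append((acl, port, app))

    def classify(self, host, port):
        """Application CBAC would inspect traffic to host:port as, or None.

        Host-specific entries win over global ones; among overlapping
        host-specific entries the first in config order wins (model assumption).
        """
        ip = ipaddress.ip_address(host)
        for acl, acl_port, app in self.host_specific:
            if acl_port == port and any(ip in net for net in self.acls.get(acl, [])):
                return app
        return self.global_map.get(port)


def parse_config(lines):
    table = PamTable()
    for line in lines:
        tok = line.split()
        if not tok or tok[0] == "!":
            continue
        if tok[0] == "access-list" and tok[2] == "permit":
            if tok[3] == "any":
                net = ipaddress.ip_network("0.0.0.0/0")
            elif tok[3] == "host":
                net = ipaddress.ip_network(tok[4] + "/32")
            else:
                net = wildcard_to_network(tok[3], tok[4] if len(tok) > 4 else "0.0.0.0")
            table.add_acl_permit(int(tok[1]), net)
        elif tok[:2] == ["ip", "port-map"] and tok[3] == "port":
            acl = int(tok[6]) if len(tok) > 6 and tok[5] == "list" else None
            table.port_map(tok[2], int(tok[4]), acl)
    return table


def try_global_map(table, app, port):
    """Attempt a global (no list) mapping; True if the PAM rules allow it."""
    try:
        table.port_map(app, port)
        return True
    except PamError:
        return False


# Constructed configuration exercising all three entry types.
EXAMPLE_CONFIG = """
! hosts on 10.100.10.0/24 serve HTTP on 8080
access-list 10 permit 10.100.10.0 0.0.0.255
ip port-map http port 8080 list 10
! one host runs telnet on the same port 8080
access-list 11 permit host 10.100.20.5
ip port-map telnet port 8080 list 11
! user-defined global entry: telnet on 9000 everywhere
ip port-map telnet port 9000
! host-specific override of a system-defined port
access-list 12 permit host 10.100.30.7
ip port-map smtp port 21 list 12
""".strip().splitlines()


def example_table():
    return parse_config(EXAMPLE_CONFIG)


if __name__ == "__main__":
    t = example_table()
    for host, port in [("10.100.10.11", 8080), ("10.100.20.5", 8080),
                       ("10.100.40.1", 8080), ("10.100.40.1", 9000),
                       ("10.100.30.7", 21), ("10.100.40.1", 21)]:
        print(f"{host}:{port} -> {t.classify(host, port)}")
```

On a router the resulting table is shown with show ip port-map; in this model classify() plays the part of the lookup CBAC performs when a session starts, and try_global_map() reproduces the rule that a system-defined port can only be remapped through a host-specific (list) entry.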
