Chapter 13: Configuring Security on the SSR
228
CoreWatch User’s Manual
8.
If you are applying multiple ACLs to an interface, configure those ACLs to govern
either inbound traffic or outbound traffic. To do so, take the following steps:
a.
Click an ACL that you want to apply to inbound traffic. In the
Access Control
List: Edit ACL
dialog box that appears, select the
Input
check box and ensure that
the
Output
check box is not selected. Then click
OK
.
b. Click an ACL that you want to apply to outbound traffic. In the
Access Control
List: Edit ACL
dialog box that appears, select the
Output
check box and ensure
the
Input
check box is not selected. Then click
OK
.
Note:
When applying multiple IP ACLs to an IP interface, one ACL must
govern inbound traffic and the other ACL must govern outbound traffic.
When applying multiple ACLs of the same type (IPX, IPX RIP, and IPX
SAP) to an IPX interface, one ACL must govern inbound traffic and the
other must govern outbound traffic.
Setting Layer-2 Security
Layer-2 security filters on the SSR allow you to configure ports to filter specific MAC
addresses. When defining a Layer-2 security filter, you specify to which ports you want
the filter to apply. You can specify the following security filters:
•
Address filters
These filters block traffic based on the frame’s source MAC address, destination MAC
address, or both source and destination MAC addresses in flow bridging mode.
Address filters are always configured and applied to the input port.
•
Port-to-address lock filters
These filters prohibit a user connected to a locked port or set of ports from using
another port.
•
Static-entry filters
These filters allow or force traffic to go to a set of destination ports based on a frame’s
source MAC address, destination MAC address, or both source and destination MAC
addresses in flow bridging mode. Static entries are always configured and applied at
the input port.
•
Secure port filters
These filters shut down access to the SSR based on MAC addresses. All packets
received by a port are dropped. When combined with static entries, however, these
filters can be used to drop all received traffic but allow some frames to go through.
Summary of Contents for SSR-GLX19-02
Page 1: ...CoreWatch User s Manual 9032564 04...
Page 2: ...Notice 2 CoreWatch User s Manual...
Page 20: ...Preface 20 CoreWatch User s Manual...
Page 64: ...Chapter 5 Changing System Settings 64 CoreWatch User s Manual...
Page 86: ...Chapter 6 Configuring SSR Bridging 86 CoreWatch User s Manual...
Page 106: ...Chapter 7 Configuring VLANs on the SSR 106 CoreWatch User s Manual...
Page 206: ...Chapter 12 Configuring QoS on the SSR 206 CoreWatch User s Manual...
Page 246: ...Chapter 13 Configuring Security on the SSR 246 CoreWatch User s Manual...
Page 363: ...CoreWatch User s Manual 363 Chapter 16 Configuring Routing Policies on the SSR 9 Click OK...
Page 364: ...Chapter 16 Configuring Routing Policies on the SSR 364 CoreWatch User s Manual...
Page 370: ...Chapter 17 Checking System Status 370 CoreWatch User s Manual...
Page 390: ...Chapter 18 Monitoring Real Time Performance 390 CoreWatch User s Manual...
Page 396: ...Chapter 19 Checking the Status of Bridge Tables 396 CoreWatch User s Manual...
Page 430: ...Chapter 20 Checking the Status of Routing Tables 430 CoreWatch User s Manual...
Page 442: ...Chapter 22 Obtaining Reports 442 CoreWatch User s Manual...
Page 456: ...Appendix B CoreWatch Menus 456 CoreWatch User s Manual...