xStack DES-3500 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual
92
CPU Interface Filtering
Due to a chipset limitation and the need for extra switch security, the xStack DES-3500 Series switches incorporate CPU Interface
filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for
packets destined for the Switch’s CPU interface. Employed similarly to the Access Profile feature previously mentioned, CPU
interface filtering examines Ethernet, IP and Packet Content Mask packet headers destined for the CPU and will either forward
them or filter them, based on the user’s implementation. As an added feature for the CPU Filtering, the Switch allows the CPU
filtering mechanism to be enabled or disabled globally, permitting the user to create various lists of rules without immediately
enabling them.
Creating an access profile for the CPU is divided into two basic parts. The first is to specify which part or parts of a frame the
Switch will examine, such as the MAC source address or the IP destination address. The second part is entering the criteria the
Switch will use to determine what to do with the frame. The entire process is described below.
CPU Interface Filtering Profile Table
Click
Configuration
>
CPU Interface Filtering
to display the CPU Access Profile Table entries created on the Switch. To view
the configurations for an entry, click the hyperlinked
Profile ID
number.
Figure 6- 70. CPU Interface Filtering window
To add an entry to the
CPU Interface Filtering Profile Table
, click the
Add
button. This will open the
CPU Interface Filtering
Profile Configuration
page, as shown below. There are three
CPU
Access Profile Configuration
pages; one for
Ethernet
(or
MAC address-based) profile configuration, one for
IP
address-based profile configuration and one for the
Packet Content Mask
.
You can switch between the three
CPU Access Profile Configuration
pages by using the
Type
drop-down menu. The page
shown below is the
Ethernet CPU Interface Filtering Configuration
page.
Figure 6- 71. CPU Interface Filtering Profile Configuration window for Ethernet
The following fields may be modified: