Chapter 13: Configuring Security on the SSR
228
CoreWatch User’s Manual
8.
If you are applying multiple ACLs to an interface, configure those ACLs to govern
either inbound traffic or outbound traffic. To do so, take the following steps:
a.
Click an ACL that you want to apply to inbound traffic. In the
Access Control
List: Edit ACL
dialog box that appears, select the
Input
check box and ensure that
the
Output
check box is not selected. Then click
OK
.
b. Click an ACL that you want to apply to outbound traffic. In the
Access Control
List: Edit ACL
dialog box that appears, select the
Output
check box and ensure
the
Input
check box is not selected. Then click
OK
.
Note:
When applying multiple IP ACLs to an IP interface, one ACL must
govern inbound traffic and the other ACL must govern outbound traffic.
When applying multiple ACLs of the same type (IPX, IPX RIP, and IPX
SAP) to an IPX interface, one ACL must govern inbound traffic and the
other must govern outbound traffic.
Setting Layer-2 Security
Layer-2 security filters on the SSR allow you to configure ports to filter specific MAC
addresses. When defining a Layer-2 security filter, you specify to which ports you want
the filter to apply. You can specify the following security filters:
•
Address filters
These filters block traffic based on the frame’s source MAC address, destination MAC
address, or both source and destination MAC addresses in flow bridging mode.
Address filters are always configured and applied to the input port.
•
Port-to-address lock filters
These filters prohibit a user connected to a locked port or set of ports from using
another port.
•
Static-entry filters
These filters allow or force traffic to go to a set of destination ports based on a frame’s
source MAC address, destination MAC address, or both source and destination MAC
addresses in flow bridging mode. Static entries are always configured and applied at
the input port.
•
Secure port filters
These filters shut down access to the SSR based on MAC addresses. All packets
received by a port are dropped. When combined with static entries, however, these
filters can be used to drop all received traffic but allow some frames to go through.
Содержание SSR-GLX19-02
Страница 1: ...CoreWatch User s Manual 9032564 04...
Страница 2: ...Notice 2 CoreWatch User s Manual...
Страница 20: ...Preface 20 CoreWatch User s Manual...
Страница 64: ...Chapter 5 Changing System Settings 64 CoreWatch User s Manual...
Страница 86: ...Chapter 6 Configuring SSR Bridging 86 CoreWatch User s Manual...
Страница 106: ...Chapter 7 Configuring VLANs on the SSR 106 CoreWatch User s Manual...
Страница 206: ...Chapter 12 Configuring QoS on the SSR 206 CoreWatch User s Manual...
Страница 246: ...Chapter 13 Configuring Security on the SSR 246 CoreWatch User s Manual...
Страница 274: ...Chapter 15 Configuring BGP on the SSR 274 CoreWatch User s Manual Figure 184 BGP Peer Group Definition panel Options tab...
Страница 363: ...CoreWatch User s Manual 363 Chapter 16 Configuring Routing Policies on the SSR 9 Click OK...
Страница 364: ...Chapter 16 Configuring Routing Policies on the SSR 364 CoreWatch User s Manual...
Страница 370: ...Chapter 17 Checking System Status 370 CoreWatch User s Manual...
Страница 390: ...Chapter 18 Monitoring Real Time Performance 390 CoreWatch User s Manual...
Страница 396: ...Chapter 19 Checking the Status of Bridge Tables 396 CoreWatch User s Manual...
Страница 430: ...Chapter 20 Checking the Status of Routing Tables 430 CoreWatch User s Manual...
Страница 442: ...Chapter 22 Obtaining Reports 442 CoreWatch User s Manual...
Страница 456: ...Appendix B CoreWatch Menus 456 CoreWatch User s Manual...