Enterasys csx400 Benutzerhandbuch
About the CSX400
18 CSX400 and CSX400-DC User’s Guide
Bridging and Routing Protocol Filtering
Filtering is used to allow efficient usage of network resources and provide security for your
network and hosts.
network and hosts.
IP Internet Firewall —
The CSX400 supports IP Internet Firewall filtering to prevent
unauthorized access to your system and network resources from the Internet or a corporate
Intranet. Security can be configured to permit or deny IP traffic. The security is established by
configuring IP access filters, which are based on source IP address, source mask, destination IP
address, destination mask, protocol type, and application port identifiers for both Transmission
Control Protocol (TCP) and User Datagram Protocol (UDP) protocols. These IP access filters
allow individual IP source and destination pair filtering as well as IP address ranges and wild
carding to match any IP address. These Firewall filters can be defined to allow inbound only,
outbound only, or bi-directional IP communication up to the UDP and TCP application port level.
Firewall access filters provide a lot of flexibility to establish a powerful IP security barrier. The
CSX400 supports the IP Access Control (from the ctip-mib) Internet Firewall Filter.
Intranet. Security can be configured to permit or deny IP traffic. The security is established by
configuring IP access filters, which are based on source IP address, source mask, destination IP
address, destination mask, protocol type, and application port identifiers for both Transmission
Control Protocol (TCP) and User Datagram Protocol (UDP) protocols. These IP access filters
allow individual IP source and destination pair filtering as well as IP address ranges and wild
carding to match any IP address. These Firewall filters can be defined to allow inbound only,
outbound only, or bi-directional IP communication up to the UDP and TCP application port level.
Firewall access filters provide a lot of flexibility to establish a powerful IP security barrier. The
CSX400 supports the IP Access Control (from the ctip-mib) Internet Firewall Filter.
Bridge Filtering —
Bridge filtering allows a network administrator to control the flow of packets
across the CSX400. Bridge filtering can be used to “deny” or “allow” packets based on a “matched
pattern” using a specified position and hexadecimal content within the packet. This enables
restricting or forwarding of messages based on address, protocol, or data content. Common uses
include preventing access to remote networks, controlling unauthorized access to the local
network, and limiting unnecessary traffic.
pattern” using a specified position and hexadecimal content within the packet. This enables
restricting or forwarding of messages based on address, protocol, or data content. Common uses
include preventing access to remote networks, controlling unauthorized access to the local
network, and limiting unnecessary traffic.
The CSX400 supports the following Bridge Filters:
•
dot1dStatic Filters (IETF RFC1493)
•
Ethernet Special Filtering Database (from the ctbridge-mib)
System Passwords
System passwords allow you to control access to the CSX400 by establishing three passwords.
Each password provides varying levels of access to the CSX400. The default password for each
access level is pre-set to public. If you do not wish to establish a password, press ENTER, the
default password is automatically selected.
Each password provides varying levels of access to the CSX400. The default password for each
access level is pre-set to public. If you do not wish to establish a password, press ENTER, the
default password is automatically selected.
The following definitions explain each of the three levels of access:
read-only —
This access level allows reading of device parameters not including system
passwords.