Enterasys csx150 Betriebsanweisung
USER’S GUIDE
232 CyberSWITCH
6.
Select IP Information.
7.
Select either IP Input Filter or IP Output filter.
8.
Provide the filter name.
IP F
ILTERS
C
ONFIGURATION
E
LEMENTS
The following elements are described in terms of the individual comparisons which make up the
packet types. When an IP packet is subjected to a filter, the following comparisons are executed.
The final result of the comparisons is a “match” if all comparisons are true, and a “no match”
otherwise.
packet types. When an IP packet is subjected to a filter, the following comparisons are executed.
The final result of the comparisons is a “match” if all comparisons are true, and a “no match”
otherwise.
IP A
DDRESSES
These elements allow filtering based on the IP Addresses, which are expressed in two dotted
decimal quantities, a Mask and a Target. The comparison entails the logical “AND” operation of
the packet’s IP Address and the specified Mask. The result of this operation is compared against
the Target in either an EQUAL (EQ) or NOT EQUAL (NEQ) operation for determining if a match
has occurred. The mask is used to create wild card or don’t care conditions for the address
comparison (‘1’ bits are significant and ‘0’ bits are don’t cares).
decimal quantities, a Mask and a Target. The comparison entails the logical “AND” operation of
the packet’s IP Address and the specified Mask. The result of this operation is compared against
the Target in either an EQUAL (EQ) or NOT EQUAL (NEQ) operation for determining if a match
has occurred. The mask is used to create wild card or don’t care conditions for the address
comparison (‘1’ bits are significant and ‘0’ bits are don’t cares).
Examples:
IP P
ROTOCOL
This element applies a check to the Protocol field of the IP header using either an EQUAL or NOT
EQUAL comparison. Symbolic mnemonics are supplied for the most popular upper level protocols
(TCP, UDP, ICMP); when using an EQUAL comparison on these values, the corresponding
protocol-specific comparisons are then enabled. A numeric value N (an unsigned quantity between
0 and 255) can be used for any other protocol without a specific mnemonic. “ANY” can also be
specified as the protocol and is the default value, along with an EQUAL comparison, to yield the
wild card value.
EQUAL comparison. Symbolic mnemonics are supplied for the most popular upper level protocols
(TCP, UDP, ICMP); when using an EQUAL comparison on these values, the corresponding
protocol-specific comparisons are then enabled. A numeric value N (an unsigned quantity between
0 and 255) can be used for any other protocol without a specific mnemonic. “ANY” can also be
specified as the protocol and is the default value, along with an EQUAL comparison, to yield the
wild card value.
TCP
AND
UDP P
ORTS
These elements allow filtering based on the TCP Source and Destination Port fields, which are
treated as 16 bit unsigned quantities (0-65535). These can be used to trap applications that have
well-known port addresses, such as Telnet, FTP, etc. The packet’s port value is compared to the
value in the type using the specified operator:
treated as 16 bit unsigned quantities (0-65535). These can be used to trap applications that have
well-known port addresses, such as Telnet, FTP, etc. The packet’s port value is compared to the
value in the type using the specified operator:
0.0.0.0 EQ 0.0.0.0
Matches any IP address (wildcard and de-
fault).
fault).
255.255.255.0 EQ 128.131.23.0
If Class B network 128.131.0.0 is subnetted
with 8 bits, this comparison matches any
host on subnet 23.
with 8 bits, this comparison matches any
host on subnet 23.
255.255.255.0 NEQ 128.131.23.0
If Class B network 128.131.0.0 is subnetted
with 8 bits, this comparison matches any
host except those on subnet 23
with 8 bits, this comparison matches any
host except those on subnet 23
255.255.255.255 EQ 128.131.23.59
Matches exactly the host 128.131.23.59
255.255.255.255 NEQ 128.131.23.59
Matches every host except 128.131.23.59