3com 812 Manual De Usuario
Configuring Filters for a
VPN Tunnel
To configure filters for a VPN tunnel, use the following commands:
set tunnel <tunnel name> input_filter <filter_name>
set tunnel <tunnel name> output_filter <filter_name>
set tunnel <tunnel name> output_filter <filter_name>
For more information about configuring a VPN Tunnel (including information
about configuring filters), see
about configuring filters), see
,
, and
.
Setting Filter Access
Using CLI
When filters are assigned to both the WAN interface and a VC/remote site profile,
you need to tell the router which one to use using the filter access parameter. If
filter access is ON, the VC / remote site filters will override interface filters. If filter
access is OFF, then the interface filters are used.
you need to tell the router which one to use using the filter access parameter. If
filter access is ON, the VC / remote site filters will override interface filters. If filter
access is OFF, then the interface filters are used.
Always turn filter access OFF for the Ethernet interface since there are no profiles
associated with it. If you do not turn if off, the filter will not be applied.
associated with it. If you do not turn if off, the filter will not be applied.
To set the filter access parameter to ON for a specific interface, use the CLI
command
command
set interface <interface_name> filter_access ON
To set the filter access parameter to OFF for a specific interface, use the CLI
command
command
set interface <interface_name> filter_access OFF
Managing Filters
Using CLI
Using CLI
This section provides information about how to perform filter management tasks.
Displaying the Managed
Filter List Using CLI
To display the list of managed filters, use the following command:
list filters <filter_name>
The resulting display might look like this:
Adding Filters to the
Managed List Using CLI
The add filter command verifies filter syntax prior to adding the filter to the
managed list. If the syntax is valid, no message is generated and the command
prompt returns. If syntax errors exist, error messages are generated detailing the
cause of the errors.
managed list. If the syntax is valid, no message is generated and the command
prompt returns. If syntax errors exist, error messages are generated detailing the
cause of the errors.
If the syntax is invalid, the filter is still added to the managed list with a status of
verify failed. To correct filter file errors, you must make the changes to the original
filter file using a text editor, and re-TFTP the file to the router’s FLASH memory.
verify failed. To correct filter file errors, you must make the changes to the original
filter file using a text editor, and re-TFTP the file to the router’s FLASH memory.
Then use the verify filter command to check the filter file syntax.
To add a filter file to the list of managed filters, use the CLI command
add filter <filter name>
Filter Name
Status
Protocols
ip.fil
NORMAL
IP IP-RIP