Enterasys ssr-atm29-02 ユーザーガイド
Chapter 13: Configuring Security on the SSR
226
CoreWatch Users Guide
11. Click Next. In the second Bind to Port panel that appears, specify the ports to which
you are allowing, disallowing, or forcing packets. Then click Finish.
Configuration Expert adds the filter to those found in the L2 Static Entries object. The
ports to which the filter applies are included in that filter’s Bound Port List object. The
ports to which you are allowing, disallowing, or forcing packets are included in the filter’s
Out Port List object.
ports to which the filter applies are included in that filter’s Bound Port List object. The
ports to which you are allowing, disallowing, or forcing packets are included in the filter’s
Out Port List object.
Configuring Layer-2 Secure Port Filters
Secure port filters block access to a specified port. You can use a secure port filter by itself
to secure unused ports. Secure port filters can be configured as source or destination port
filters. A secure port filter applied to a source port forces all incoming packets to be
dropped on a port. A secure port filter applied to a destination port prevents packets from
going out a certain port.
to secure unused ports. Secure port filters can be configured as source or destination port
filters. A secure port filter applied to a source port forces all incoming packets to be
dropped on a port. A secure port filter applied to a destination port prevents packets from
going out a certain port.
You can combine this secure port filters with static entries in the following ways:
•
Combine a source secure port filter with a source static entry to drop all received traffic
but allow any frame coming from a specific source MAC address to go through.
but allow any frame coming from a specific source MAC address to go through.
•
Combine a source secure port filter with a flow static entry to drop all received traffic
but allow any frame coming from a specific source MAC address that is destined to a
specific destination MAC address to go through.
but allow any frame coming from a specific source MAC address that is destined to a
specific destination MAC address to go through.
•
Combine a destination secure port with a destination static entry to drop all received
traffic but allow any frame destined to a specific destination MAC address to go
through.
traffic but allow any frame destined to a specific destination MAC address to go
through.
•
Combine a destination secure port filter with a flow static entry to drop all received
traffic but allow any frame coming from a specific source MAC address that is destined
to a specific destination MAC address to go through.
traffic but allow any frame coming from a specific source MAC address that is destined
to a specific destination MAC address to go through.
To configure secure port filters:
1.
Start Configuration Expert if you have not already done so.
2.
Open the configuration file you want to modify and then double-click that file’s
Security Configuration object.
Security Configuration object.
3.
Double-click the L2 Security object.
4.
Click the Configure New L2 Security Profile object.
Configuration Expert opens the L2 Security wizard.