Enterasys CSX200 User's Guide

About the CSX200
CSX200 Family User’s Guide
Bridging and Routing Protocol Filtering
Filtering is used to allow efficient usage of network resources and provide security for your 
network and hosts. 
IP Internet Firewall — The CSX200 supports IP Internet Firewall filtering to prevent unauthorized access to your system and network resources from the Internet or a corporate intranet. Security can be configured to permit or deny IP traffic. It is established by configuring IP access filters, which are based on source IP address, source mask, destination IP address, destination mask, protocol type, and application port identifiers for both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). These IP access filters allow filtering of individual IP source and destination pairs, as well as IP address ranges and wildcarding to match any IP address. Firewall filters can be defined to allow inbound-only, outbound-only, or bidirectional IP communication up to the UDP and TCP application port level. Firewall access filters provide considerable flexibility for establishing a powerful IP security barrier. The CSX200 supports the IP Access Control (from the ctip-mib) Internet Firewall Filter.
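The matching that filters built from these fields imply, as an added Python example that is not code from the CSX200 guide or from Enterasys. The mask convention (1 bits are compared), first-match ordering, the default deny, the class and function names, and the sample addresses are all assumptions; filter direction is left out.

```python
# Added illustration: a generic model of an IP access filter table.
# Assumptions (not from the CSX200 documentation): a mask bit of 1 means
# "compare this bit", filters are checked in order, the first match wins,
# and traffic that matches no filter is denied.
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

ANY = "0.0.0.0"  # used as both address and mask, this wildcards every address


@dataclass(frozen=True)
class AccessFilter:
    action: str                      # "permit" or "deny"
    src: str
    src_mask: str
    dst: str
    dst_mask: str
    protocol: Optional[str] = None   # "tcp", "udp", or None for any
    dst_port: Optional[int] = None   # application port, None for any

    def matches(self, src, dst, protocol, dst_port):
        return (_masked_eq(src, self.src, self.src_mask)
                and _masked_eq(dst, self.dst, self.dst_mask)
                and self.protocol in (None, protocol)
                and self.dst_port in (None, dst_port))


def _masked_eq(addr, base, mask):
    """Compare two addresses only on the bits selected by the mask."""
    m = int(IPv4Address(mask))
    return int(IPv4Address(addr)) & m == int(IPv4Address(base)) & m


def evaluate(filters, src, dst, protocol, dst_port, default="deny"):
    """Return the action of the first matching filter, else the default."""
    for f in filters:
        if f.matches(src, dst, protocol, dst_port):
            return f.action
    return default


# Constructed sample table: a blocked host, a permitted range, a wildcard source.
FILTERS = [
    AccessFilter("deny", "192.0.2.66", "255.255.255.255", "10.1.0.0", "255.255.0.0"),
    AccessFilter("permit", "192.0.2.0", "255.255.255.0", "10.1.5.10", "255.255.255.255", "tcp", 443),
    AccessFilter("permit", ANY, ANY, "10.1.5.53", "255.255.255.255", "udp", 53),
]
```

Under the first-match assumption, the host-specific deny has to sit above the range permit that would otherwise cover the same host.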
Bridge Filtering — Bridge filtering allows a network administrator to control the flow of packets across the CSX200. Bridge filtering can be used to “deny” or “allow” packets based on a “matched pattern” using a specified position and hexadecimal content within the packet. This enables restricting or forwarding of messages based on address, protocol, or data content. Common uses include preventing access to remote networks, controlling unauthorized access to the local network, and limiting unnecessary traffic.
The CSX200 supports the following Bridge Filters:
dot1dStatic Filters (IETF RFC1493)
Ethernet Special Filtering Database (from the ctbridge-mib)