Enterasys ssr-glx19-02 User Guide

Chapter 13: Configuring Security on the SSR
CoreWatch User’s Manual
8. If you are applying multiple ACLs to an interface, configure those ACLs to govern either inbound traffic or outbound traffic. To do so, take the following steps:
a. Click an ACL that you want to apply to inbound traffic. In the Access Control List: Edit ACL dialog box that appears, select the Input check box and ensure that the Output check box is not selected. Then click OK.
b. Click an ACL that you want to apply to outbound traffic. In the Access Control List: Edit ACL dialog box that appears, select the Output check box and ensure the Input check box is not selected. Then click OK.
Note: When applying multiple IP ACLs to an IP interface, one ACL must govern inbound traffic and the other ACL must govern outbound traffic. When applying multiple ACLs of the same type (IPX, IPX RIP, and IPX SAP) to an IPX interface, one ACL must govern inbound traffic and the other must govern outbound traffic.
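
The direction rule in step 8 and the Note can be checked offline before ACLs are applied. The following is an added example, not part of the CoreWatch manual or of any Enterasys tool; the record layout, interface names and ACL names are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class Binding(NamedTuple):
    interface: str   # interface the ACL is applied to (constructed name)
    acl: str         # ACL name (constructed)
    acl_type: str    # "IP", "IPX", "IPX RIP" or "IPX SAP"
    inbound: bool    # state of the Input check box
    outbound: bool   # state of the Output check box


def audit_bindings(bindings):
    """Return (interface, acl_type, problem) for each violation of the rule."""
    groups = defaultdict(list)
    for b in bindings:
        groups[(b.interface, b.acl_type)].append(b)

    findings = []
    for (iface, acl_type), group in sorted(groups.items()):
        if len(group) < 2:
            continue  # rule applies only when same-type ACLs share an interface
        for b in group:
            if b.inbound == b.outbound:  # both boxes checked, or neither
                findings.append((iface, acl_type,
                                 f"{b.acl}: select exactly one of Input or Output"))
        for attr in ("inbound", "outbound"):
            names = sorted(b.acl for b in group
                           if getattr(b, attr) and b.inbound != b.outbound)
            if len(names) > 1:
                findings.append((iface, acl_type,
                                 f"{', '.join(names)}: more than one ACL governs {attr} traffic"))
    return findings


# Constructed sample data, not taken from a real SSR configuration.
SAMPLE = [
    Binding("if-a", "acl1", "IP", True, False),
    Binding("if-a", "acl2", "IP", False, True),        # valid pair
    Binding("if-b", "acl3", "IP", True, False),
    Binding("if-b", "acl4", "IP", True, False),        # both govern inbound
    Binding("if-c", "acl5", "IP", True, True),         # both boxes checked
    Binding("if-c", "acl6", "IP", False, True),
    Binding("if-d", "acl7", "IPX RIP", True, False),
    Binding("if-d", "acl8", "IPX SAP", True, False),   # different types: no conflict
]

if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE):
        print(*finding, sep=" | ")
```
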
Setting Layer-2 Security
Layer-2 security filters on the SSR allow you to configure ports to filter specific MAC 
addresses. When defining a Layer-2 security filter, you specify to which ports you want 
the filter to apply. You can specify the following security filters:
Address filters 
These filters block traffic based on the frame’s source MAC address, destination MAC 
address, or both source and destination MAC addresses in flow bridging mode. 
Address filters are always configured and applied to the input port.
Port-to-address lock filters
These filters prohibit a user connected to a locked port or set of ports from using 
another port.
Static-entry filters
These filters allow or force traffic to go to a set of destination ports based on a frame’s 
source MAC address, destination MAC address, or both source and destination MAC 
addresses in flow bridging mode. Static entries are always configured and applied at 
the input port.
Secure port filters
These filters shut down access to the SSR based on MAC addresses. All packets 
received by a port are dropped. When combined with static entries, however, these 
filters can be used to drop all received traffic but allow some frames to go through.