Enterasys csx5500 用户指南
USER’S GUIDE
304 CyberSWITCH
Because the Packet Types within the conditions specify both source and destination address
information, Global application may often be sufficient to filter IP traffic across the entire system.
However, the Input, Output and User-Based application points are defined in case the
administrator needs to apply a finer level of filtering which cannot be obtained on a Global basis.
information, Global application may often be sufficient to filter IP traffic across the entire system.
However, the Input, Output and User-Based application points are defined in case the
administrator needs to apply a finer level of filtering which cannot be obtained on a Global basis.
Example: order of execution of filter application points
Application to Network Interfaces
A forwarding filter is
through the IP Interface configuration. A filter
may be applied to both the input and output stages of the Network Interface.
It is important to note that the Unnumbered WAN Interface which appears in the IP Interface
configuration is simply the enabling condition for operation with unnumbered WAN links. The
actual unnumbered Network Interfaces are created dynamically at run-time, with the name of the
remote WAN device providing the unique identifier for the Interface. Consequently, when a filter
is applied to the externally visible Unnumbered WAN Interface, it will apply to all dynamic
unnumbered interfaces which are created internally at run-time. If it desired to apply a filter to a
specific unnumbered interface, this can be accomplished by applying a User-Based filter.
configuration is simply the enabling condition for operation with unnumbered WAN links. The
actual unnumbered Network Interfaces are created dynamically at run-time, with the name of the
remote WAN device providing the unique identifier for the Interface. Consequently, when a filter
is applied to the externally visible Unnumbered WAN Interface, it will apply to all dynamic
unnumbered interfaces which are created internally at run-time. If it desired to apply a filter to a
specific unnumbered interface, this can be accomplished by applying a User-Based filter.
P
ACKET
T
YPES
A Packet Type is a set of comparisons which are made against the contents of an IP packet. It is the
fundamental element of an IP filter condition. For a match to occur, ALL the constituent
comparisons must yield a TRUE result. The type is composed of a common packet portion which
specifies fields in the IP header, and a protocol-specific portion which references the upper- layer
protocol fields and is dependent upon which Protocol field of the IP Header, if any, is used as a
criterion.
fundamental element of an IP filter condition. For a match to occur, ALL the constituent
comparisons must yield a TRUE result. The type is composed of a common packet portion which
specifies fields in the IP header, and a protocol-specific portion which references the upper- layer
protocol fields and is dependent upon which Protocol field of the IP Header, if any, is used as a
criterion.
OUTPUT
USER
INPUT
USER
Network Interface
Network Interface
GLOBAL
IP Routing Process
CONNECTION
Filter Application Points
Filter Execution Order