Download configuration
Transcript
IP Access Filtering

• Accept Addresses
  • with Wildcards (masks)
  • no reject!
• Source Routing
  • Strict (ssr)
  • Loose (lsr)
  • All

Core Switch 1/22/98 2-22

This is Layer 3 IP Filtering, for filtering calls to the SCP, not inter-port traffic. IP addresses which are authorized to access the SCP are entered into an IP Filter table which contains a maximum of 32 entries. No entries (the default) means accept anyone.

    myswitch::configuration security ipaccess> ?
      accept     delete     show
      ssr        lsr        all

The “accept” command is used to make a table entry (IP address and mask). The “delete” command is used to remove an entry from the table. There are no commands to explicitly reject certain IP addresses.

The “ssr” Strict Source Routing (how did I get here, no learned routes) tag helps to prevent spoofing of addresses. To only accept ssr packets from anything on the 12.34.0.0 subnet, type the following commands:

    configuration security ipaccess> accept 12.34.0.0 255.255.0.0
    configuration security ipaccess> lsr disallow
    configuration security ipaccess> ssr allow

The “lsr” command can be used to specify that the switch allows or disallows loose source routed packets from the list of IP addresses in the table. The “all” command is used to allow or disallow all forms of source routed packets from the list of IP addresses in the table.

Copyright FORE Systems
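The accept-table and source-route rules described above, modelled in Python as an added example (not FORE code and not part of the original slides). The class and function names are hypothetical. The model assumes that packets without a source-route option are accepted from listed sources, that both flags default to allow, and that the flags also apply when the table is empty; the option numbers 131 (LSRR) and 137 (SSRR) come from RFC 791.

```python
import ipaddress

MAX_ENTRIES = 32        # table size stated on the slide
LSRR, SSRR = 131, 137   # IPv4 source-route option types (RFC 791)

class IpAccessTable:
    def __init__(self):
        self.entries = []                       # (network, mask) as integers
        self.allow = {LSRR: True, SSRR: True}   # assumed defaults

    def accept(self, addr, mask):
        if len(self.entries) >= MAX_ENTRIES:
            raise ValueError("IP filter table is full")
        m = int(ipaddress.IPv4Address(mask))
        self.entries.append((int(ipaddress.IPv4Address(addr)) & m, m))

    def source_ok(self, src):
        s = int(ipaddress.IPv4Address(src))
        # an empty table (the default) accepts anyone; there is no reject rule
        return not self.entries or any(s & m == net for net, m in self.entries)

def source_route_options(header):   # option types found in an IPv4 header
    opts, i, found = header[20:(header[0] & 0x0F) * 4], 0, set()
    while i < len(opts) and opts[i] != 0:       # 0 = end of option list
        if opts[i] == 1:                        # 1 = no-op, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed IP option")
        if opts[i] in (LSRR, SSRR):
            found.add(opts[i])
        i += opts[i + 1]
    return found

def permit(table, header):
    try:
        routed = source_route_options(header)
        return table.source_ok(header[12:16]) and all(table.allow[t] for t in routed)
    except (ValueError, IndexError):            # malformed header: drop it
        return False

def make_header(src, options=b""):              # constructed sample IPv4 header
    options += b"\x00" * (-len(options) % 4)    # pad options to 32-bit words
    src = ipaddress.IPv4Address(src).packed
    return bytes([0x45 + len(options) // 4]) + bytes(11) + src + bytes(4) + options

slide = IpAccessTable()                         # the slide's three commands
slide.accept("12.34.0.0", "255.255.0.0")
slide.allow[LSRR], slide.allow[SSRR] = False, True
```

With an empty table the mask check is skipped entirely, which is why leaving the default in place exposes the SCP to every source address.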