Specifications
Table Of Contents
- Title Page
- Notice
- Contents
- acl Commands
- acl-edit Commands
- aging Commands
- arp Commands
- cli Commands
- configure Command
- copy Command
- dvmrp Commands
- enable Command
- erase Command
- exit Command
- file Commands
- filters Commands
- http Commands
- igmp Commands
- interface Commands
- ip Commands
- ip-router Commands
- Command Summary
- ip-router authentication add key-chain
- ip-router authentication create key-chain
- ip-router global add
- ip-router global set
- ip-router global set trace-options
- ip-router global set trace-state
- ip-router global use provided_config
- ip-router kernel trace
- ip-router policy add filter
- ip-router policy add optional-attributes-list
- ip-router policy aggr-gen destination
- ip-router policy create aggregate-export-source
- ip-router policy create aggr-gen-dest
- ip-router policy create aggr-gen-source
- ip-router policy create aspath-export-source
- ip-router policy create bgp-export-destination
- ip-router policy create bgp-export-source
- ip-router policy create bgp-import-source
- ip-router policy create direct-export-source
- ip-router policy create filter
- ip-router policy create optional-attributes-list
- ip-router policy create ospf-export-destination
- ip-router policy create ospf-export-source
- ip-router policy create ospf-import-source
- ip-router policy create rip-export-destination
- ip-router policy create rip-export-source
- ip-router policy create rip-import-source
- ip-router policy create static-export-source
- ip-router policy create tag-export-source
- ip-router policy export destination
- ip-router policy import source
- ip-router policy redistribute
- ip-router show configuration file
- ip-router show state
- ipx Commands
- l2-tables Commands
- logout Command
- multicast Commands
- mtrace Command
- negate Command
- no Command
- ospf Commands
- Command Summary
- ospf add interface
- ospf add nbma-neighbor
- ospf add network
- ospf add stub-host
- ospf add virtual-link
- ospf create area
- ospf create-monitor
- ospf monitor
- ospf set area
- ospf set ase-defaults
- ospf set export-interval
- ospf set export-limit
- ospf set interface
- ospf set monitor-auth-method
- ospf set trace-options
- ospf set virtual-link
- ospf show
- ospf start|stop
- ping Command
- port Commands
- qos Commands
- reboot Command
- rip Commands
- save Command
- show Command
- snmp Commands
- statistics Commands
- stp Commands
- system Commands
- Command Summary
- system image add
- system image choose
- system image delete
- system image list
- system promimage upgrade
- system set bootprom
- system set contact
- system set date
- system set dns
- system set location
- system set name
- system set password
- system set poweron-selftest
- system set syslog
- system set terminal
- system show
- traceroute Command
- vlan Commands
Chapter 13 filters Commands
The filters commands let you create and apply the following types of security filters:
• Address filters – Address filters block traffic based on a frame’s source MAC
address, destination MAC address, or both. Address filters are always configured
and applied on the input port.
• Static entry filters – Static entry filters allow or force traffic to go to a set of destina-
tion ports based on a frame’s source MAC address, destination MAC address, or
both. Static entry filters are always configured and applied on the input port. You
can configure source static entry filters, destination static entry filters, and flow
static entry filters. Source static entry filters allow or disallow frames based on their
source MAC address; destination static entry filters allow or disallow frames based
on their destination MAC address. Flow static entries allow or disallow traffic based
on their source and destination MAC addresses.
• Port-to-address locks – Port-to-address lock filters “lock” a user to a port or set of
ports, disallowing them access to other ports.
• Secure ports – Secure port filters shut down Layer-2 access to the SSR from a spe-
cific port or drop all Layer-2 packets received by a port. Used by themselves, secure
ports secure unused SSR ports. When used in conjunction with static entry filters,
secure ports drop all received or sent traffic (depending on the static entry filter)
except traffic forced to or from the port by the static entry filter.
Command Summary
Table 8 lists the filters commands. The sections following the table describe the
command syntax.
Table 8: filters commands
filters add address-filter name
<name>
source-mac
<MACaddr>
dest-mac
<MACaddr>
vlan
<VLAN-num>
in-port-list
<port-list>
filters add port-address-lock name
<name>
source-mac
<MACaddr>
vlan
<VLAN-num>
in-port-list
<port-list>
filters add secure-port name
<name>
direction source|destination vlan
<VLAN-num>
in-port-list
<port-list>
Chapter 13