Secure switch access, Secure switch access -4 – Alcatel Carrier Internetworking Solutions Omni Switch/Router User Manual


Secure Switch Access


Secure Switch Access is a filtering program that prevents unauthorized access to the switch by allowing you to define a list of filters and filter points. For Secure Switch Access, filters are lists of source traffic that are allowed onto the switch. Filter points operate on IP protocols that include FTP, Telnet, SNMP, TFTP, HTTP, and a custom IP protocol. Whenever any of these filter points is enabled, all filters configured for that protocol are applied to incoming traffic using the filter point protocol.

All access violations are logged. If a filtering point is not enabled, it is accessible to all users.

Configuring the Secure Switch Access Filter Database

Use the secdefine command to view and configure the database of secure access filters. This database includes information on filter names, source IP addresses, source MAC addresses, and the physical ports receiving data.

The following is a sample secdefine display:

    Secure Access Filter Database

        List    (l) :
        Create  (c):
        Delete  (d):
        Modify  (m):
        Find    (f):
        Help    (h):
        Quit    (q):

    Enter selection:

Select an option by entering the relevant letter at the selection prompt. To exit this menu, enter q (quit). Descriptions and sample displays for each of the options are as follows:

List

This is a list of all defined filters. A filter determines what traffic is allowed on the switch. The list includes information on the filter’s name, IP Address, MAC Address, and physical port receiving the user’s data. The following is a sample display:

                    Source IP       Source MAC          Slot   Port
    Filter Name     Address         Address             #      #
    ----------------------------------------------------------------
    Engineering     198.34.56.10    0:23:da:67:97:e4    4      1
    Test            ANY             ANY                 7      3
    Accounting      172.14.25.13    0:32:e4:a3:6f:e4    2      1
    HR              198.34.56.15    ANY                 ANY    ANY

The value ANY displays if a field is left blank when configuring filter information through the Create (c) option. The ANY value signifies a “don’t care” condition. When an inbound packet is checked against a Filter Name to establish authorized access, the ANY fields are not checked.
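
The matching behaviour described above, modelled in Python as an added example (it is not from the manual and is not Alcatel's code). It assumes that every filter in the database is evaluated once a filter point is enabled, that the first matching filter admits the packet, and that field comparisons are exact; the names Filter, check_access and wildcard_fields are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # field left blank in Create (c); shown as ANY in the List display
FIELDS = ("src_ip", "src_mac", "slot", "port")

@dataclass(frozen=True)
class Filter:
    name: str
    src_ip: Optional[str]
    src_mac: Optional[str]
    slot: Optional[int]
    port: Optional[int]

    def matches(self, pkt: dict) -> bool:
        # ANY fields are not checked; every other field must equal the packet's.
        return all(getattr(self, f) is ANY or getattr(self, f) == pkt[f]
                   for f in FIELDS)

# The four filters from the sample List display in the manual.
FILTERS = [
    Filter("Engineering", "198.34.56.10", "0:23:da:67:97:e4", 4, 1),
    Filter("Test", ANY, ANY, 7, 3),
    Filter("Accounting", "172.14.25.13", "0:32:e4:a3:6f:e4", 2, 1),
    Filter("HR", "198.34.56.15", ANY, ANY, ANY),
]

def wildcard_fields(flt: Filter) -> list:
    """Audit helper: list the fields of a filter that are "don't care"."""
    return [f for f in FIELDS if getattr(flt, f) is ANY]

def check_access(protocol: str, enabled_points: set, filters: list, pkt: dict):
    """Return (allowed, reason) for one inbound packet on a given protocol."""
    if protocol not in enabled_points:
        return True, "filter point disabled"  # open to all users
    for flt in filters:
        if flt.matches(pkt):
            return True, flt.name
    return False, "access violation"          # the switch logs these

if __name__ == "__main__":
    # Constructed packet: unknown source arriving on slot 7, port 3.
    pkt = {"src_ip": "10.0.0.5", "src_mac": "0:aa:bb:cc:dd:ee", "slot": 7, "port": 3}
    print(check_access("telnet", {"telnet"}, FILTERS, pkt))
    for flt in FILTERS:
        print(flt.name, "ANY in:", wildcard_fields(flt))
```

In the sample database the Test filter admits any source address arriving on slot 7, port 3, which is the kind of entry wildcard_fields is meant to surface when reviewing a filter list.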
