Security
7705 SAR OS System Management Guide Page 53
Configuring CPM (CSM) Filters
CPM filters control all traffic going in to the CSM, including all routing protocols. They
apply to packets from all network and access ports, but not to packets from a management
Ethernet port. CPM packet filtering is performed by network processor hardware using no
resources on the main CPUs.
Use the following CLI commands to configure a CPM filter.
CLI Syntax: config>system>security
cpm-filter
default-action {accept | drop}
ip-filter
entry entry-id [create]
action {accept | drop}
description description-string
log log-id
match [protocol protocol-id]
dscp dscp-name
dst-ip {ip-address/mask|ip-address netmask}
dst-port [tcp/udp port-number] [mask]
fragment {true | false}
icmp-code icmp-code
icmp-type icmp-type
ip-option ip-option-value [ip-option-mask]
multiple-option {true | false}
option-present {true | false}
src-ip {ip-address/mask|ip-address netmask}
src-port src-port-number [mask]
tcp-ack {true | false}
tcp-syn {true | false}
renum old-entry-id new-entry-id
The following displays a CPM filter configuration example:
A:ALU-49>config>sys>sec>cpm>ip-filter# info
----------------------------------------------
entry 10 create
action drop
description "CPM-Filter 10.4.101.2 #101"
log 101
exit
entry 20 create
no action
description "CPM-Filter 10.4.101.2 #201"
log 101
exit
no shutdown
----------------------------------------------
A:ALU-49>config>sys>sec>cpm>ip-filter#
To Next Page
Loading...
