Security Configuration Procedures
46 7705 SAR OS System Management Guide
Configuring IPv4 or IPv6 CPM (CSM) Filters
CPM filters control all traffic going in to the CSM, including all routing protocols. They
apply to packets from all network and access ports, but not to packets from a management
Ethernet port. CPM packet filtering is performed by network processor hardware using no
resources on the main CPUs.
Use the following CLI commands to configure an IPv4 CPM filter.
CLI Syntax: config>system>security
cpm-filter
default-action {accept | drop}
ip-filter
entry entry-id [create]
action {accept | drop}
description description-string
log log-id
match [protocol protocol-id]
dscp dscp-name
dst-ip {ip-address/mask|ip-address
netmask}
dst-port [tcp/udp port-number] [mask]
fragment {true | false}
icmp-code icmp-code
icmp-type icmp-type
ip-option ip-option-value [ip-
option-mask]
multiple-option {true | false}
option-present {true | false}
src-ip {ip-address/mask|ip-address
netmask}
src-port src-port-number [mask]
tcp-ack {true | false}
tcp-syn {true | false}
renum old-entry-id new-entry-id
Use the following CLI commands to configure an IPv6 CPM filter.
CLI Syntax: config>system>security
cpm-filter
default-action {accept | drop}
ipv6-filter
entry entry-id [create]
action {accept | drop}
description description-string
log log-id
To Next Page
Loading...
