IES Service Configuration Commands
7750 SR OS Services Guide Page 943
command will fail. The anti-spoof type mac command will also fail if the SAP does not support
Ethernet encapsulation.
ip-mac — Configures SAP anti-spoof filtering to use both the source IP address and the source MAC
address in its lookup. If a static host exists on the SAP without both the IP address and MAC
address specified, the anti-spoof type ip-mac command will fail. This is also true if the default
anti-spoof filter type of the SAP is ip-mac and the default is not overridden. The anti-spoof type
ip-mac command will also fail if the SAP does not support Ethernet encapsulation.
app-profile
Syntax app-profile app-profile-name
no app-profile
Context config>service>ies>if>sap
config>service>ies>sub-if>grp-if>sap
Description This command configures the application profile name.
Parameters app-profile-name — Specifies an existing application profile name configured in the config>app-
assure>group>policy context.
anti-spoof
Syntax anti-spoof {ip | ip-mac | nh-mac}
no anti-spoof
Context config>service>ies>sub-if>grp-if>sap
Description This command enables anti-spoof filtering and optionally changes the anti-spoof matching type for
the SAP.
The type of anti-spoof filtering defines what information in the incoming packet is used to generate
the criteria to lookup an entry in the anti-spoof filter table. The type parameter (ip, ip-mac) defines
the anti-spoof filter type enforced by the SAP when anti-spoof filtering is enabled.
The no form of the command disables anti-spoof filtering on the SAP.
Default ip-mac
Parameters ip — Configures SAP anti-spoof filtering to use only the source IP address in its lookup. If a static
host exists on the SAP without an IP address specified, the anti-spoof type ip command will fail.
ip-mac — Configures SAP anti-spoof filtering to use both the source IP address and the source MAC
address in its lookup. If a static host exists on the SAP without both the IP address and MAC
address specified, the anti-spoof type ip-mac command will fail. This is also true if the default
anti-spoof filter type of the SAP is ip-mac and the default is not overridden. The anti-spoof type
ip-mac command will also fail if the SAP does not support Ethernet encapsulation.
nh-mac — Indicates that the ingress anti-spoof is based on the source MAC address and the egress
anti-spoof is based on the nh-ip-address.
To Next Page
Loading...
