Security
52
"FD 100/320Gbps NT and FX NT IHub System
Basics, Management and OAM Guide"
3HH-11982-AAAA-TQZZA Issue: 10
4.4.2.3 ip-filter
Table 38 ip-filter command
4.4.2.4 entry
Table 39 entry command
Context configure>system>security>cpu-filter
Description This command configures default action (accept or drop) for CPU filters which are common for
both IP and IPv6. This default action of IP/IPv6 is applicable for the relevant version of IP traffic
when the admin status of the IP-filter/IPv6-filter is up and no matching is available with any
Ipv4/Ipv6 entries.
Default accept
Parameters drop — Specifies that IP packets will be dropped unless there is a specific filter entry which
causes the packet to be forwarded. (ARP packets, for example, will not be dropped due to the
default action.)
accept — Specifies all packets will be accepted unless there is a specific filter entry which
causes the packet to be dropped.
Item Description
(2 of 2)
Item Description
Syntax [no] ip-filter
Context configure>system>security>cpu-filter
Description This command enables the context to configure IP filter parameters.
Item Description
Syntax [no] entry entry-id [create]
Context configure>system>security>cpu-filter>ip-filter
Description This command creates a configuration context for an CPU filter policy.
CPU filter policies specify either a forward or a drop action for packets based on the specified
match criteria.
Any changes made to the existing policy, using any of the sub-commands, will be applied
immediately to all services where this policy is applied.
The no form of the command deletes the CPU filter policy. A filter policy cannot be deleted until
it is removed from all SAPs or network ports where it is applied.
(1 of 2)
To Next Page
Loading...
