System Management Guide Security
Edition: 01 3HE 11018 AAAC TQZZA 45
3.9 Security Configuration Procedures
• Configuring IPv4 or IPv6 Management Access Filters
• Configuring IPv4 or IPv6 CPM (CSM) Filters
• Configuring Password Management Parameters
• IPSec Certificate Parameters
• Configuring Profiles
• Configuring Users
• Copying and Overwriting Users and Profiles
• Configuring SSH
• Configuring SSH Ciphers
• Configuring Login Controls
• RADIUS Configurations
• TACACS+ Configurations
• Configuring Keychains
3.9.1 Configuring IPv4 or IPv6 Management Access
Filters
Creating and implementing management access filters is optional. Management
access filters control all traffic going in to the CSM, including all routing protocols.
They apply to packets from all ports. The filters can be used to restrict management
of the 7705 SAR router by other nodes outside either specific (sub)networks or
through designated ports. By default, there are no filters associated with security
options. The management access filter and entries must be explicitly created on
each router.
Management access filters apply to the management Ethernet port, which supports
both IPv4 and IPv6 filters.
The 7705 SAR exits the filter when the first match is found and executes the actions
according to the specified action. For this reason, entries must be sequenced
correctly from most to least explicit.
An entry may not have any match criteria defined (in which case, everything
matches) but must have at least the keyword action to be considered complete.
Entries without the action keyword are considered incomplete and will be rendered
inactive.
To Next Page
Loading...
