Net Optics none Filter add ipv6=n inports=n1.1-n1.3 ip, Src=10.1.1.1 action=drop, Filter clear

Page 47

 

 

 

 

 

 

 

 

 

 

 

Director

 

 

 

 

 

 

 

 

Command

Sub-Command

Parameters

Example and description

 

 

 

 

filter

add

ipv6=< y n >

filter add ipv6=n in_ports=n1.1-n1.3 ip_

 

 

 

in_ports=<network_portlist>*

src=10.1.1.1 action=drop

 

 

 

<qual>=<value>

Parameters:

 

 

 

action=< redir drop >

ipv6=y for IPv6 addressing; ipv6=n for IPv4 ad-

 

 

 

redir_ports=<monitor_portlist>

dressing (defaults to IPv4 if parameter is omitted)

 

 

 

 

<network_portlist> — traffic from the network

 

 

 

Notes:

ports specified in this portlist is aggregated before

 

 

 

The command may include

being sent to the filter

 

 

 

<qual> and <value> are filter qualifiers and values

 

 

 

any number of <qual>, up

 

 

 

as listed in the table that follows this table

 

 

 

to the limit of Director's filter

 

 

 

Specify redir or drop as the filter action —

 

 

 

resources (approximately

 

 

 

if redir, packets matching all of the <qual> are

 

 

 

1,000 <qual> per chassis)

 

 

 

copied to all of the Monitor ports specified in the

 

 

 

The action=< redir drop >

 

 

 

portlist <monitor_portlist>

 

 

 

parameter is required

 

 

 

if drop, packets matching all of the <qual> are

 

 

 

 

 

 

 

If action=redir, then

dropped

 

 

 

redir_ports=<monitor_portlist>

Defines a filter, including the Network and Monitor

 

 

 

parameter is required

ports involved in the filter; filter is pending (inactive)

 

 

 

 

until activated by a filter commit or commit command

 

 

 

 

Note: If the filter command does not include any

 

 

 

 

<qual>, it defines aggregation, regeneration, and

 

 

 

 

matrix switching functions without filtering

 

 

 

 

 

 

 

clear

 

filter clear

 

 

 

 

Clears all active filters

 

 

 

 

 

 

 

commit

 

filter commit

 

 

 

 

Activates pending filters previously defined using

 

 

 

 

filter add and filter ins commands

 

 

 

 

 

 

 

del

ipv6=< y n >

filter del id=3

 

 

 

id=<id>*

Parameters:

 

 

 

 

ipv6=y for IPv6 addressing; ipv6=n for IPv4 ad-

 

 

 

 

dressing (defaults to IPv4 if parameter is omitted)

 

 

 

 

<id> is a decimal number from 1 to 999 that

 

 

 

 

identifies which filter is to be deleted

 

 

 

 

Deletes a pending filter

 

 

 

 

 

 

 

discard

 

filter discard

 

 

 

 

Clears all pending filters

 

 

 

 

 

 

 

ins

ipv6=< y n >

filter ins id=myfilter-1 in_ports=n1.1-n1.3 ip_

 

 

 

id=<id>*

src=10.1.1.1 action=drop

 

 

 

in_ports=<network_portlist>

Parameters:

 

 

 

<qual>=<value>

ipv6=y for IPv6 addressing; ipv6=n for IPv4 ad-

 

 

 

action=< redir drop >

dressing (defaults to IPv4 if parameter is omitted)

 

 

 

redir_ports=<monitor_portlist>

<id> is a decimal number from 1 to 999 that

 

 

 

 

specifies the priority of this filter (the address for

 

 

 

 

the filter in the filter CAM)

 

 

 

 

The rest of the filters parameters are as defined

 

 

 

 

for the filter add command

 

 

 

 

Defines and prioritizes a filter

 

 

 

 

 

 

43

*** Confidential - DO NOT Distribute ***

Page 46 Page 48
Image 47
Page 46 Page 48
Contents Smart Filtering Appliance Trademarks and Copyrights Contents Filter parameters Appendix aAppendix B Appendix CChapter Introduction Passive, Secure Technology Key FeaturesEase of Use Monitor port FilteringDescription About this GuideDirector internal architecture Director ArchitectureDirector Management USB portNetwork Links Typical ApplicationMonitoring Tools External Network Tap method IBypass Switch MethodIn-line Monitoring of 10 Gigabit Links DNM / Network Port LEDs Power LEDsDirector Front Panel Monitor Port LEDsXFP Director Rear PanelChapter Installing Director Unpack and Inspect the Director device Plan the InstallationRack Mount the Director device Install Director Network ModulesInstall SFP and XFP Monitor port Modules Connect the local CLI Interface Connect Power to DirectorTo connect the CLI for remote use over the Management port Connect the remote CLI InterfaceBaud Data bits No parity 1 stop bit No flow control TipTo log into the CLI Log into the CLITo change the user name and password Configure Director using the CLIChange Director User Name and Password Change Port Modes To change the port modeAssign a New Manager IP Address To assign a new Manager IP address to DirectorSet the Current Date and Time Save and Load Director ConfigurationsTo view CLI help information Using the CLI Help CommandCurrent config file Using the CLI Command History BufferTo connect a Span port Connect Span Ports to DirectorTo connect an in-line network link Connect Director With In-line Network LinksConnect Monitoring Tools to Director Configure a Matrix Switch connection in DirectorCheck the Installation Syntax Chapter Configuring Filters Using the CLICopy Traffic From Any Network Port to Any Monitor Port Enter filter commit. The switch connection is activatedLter add inports=n1.1 action=redir redirports=m.3-m.5 Regenerate Traffic to Any Set of Monitor PortsTo create a filter that selects IPv4 packets by protocol Create FiltersLogical and filter connection Create Complex FiltersUDP View filtersConfigurable 10 Gigabit XFP ports used as Network ports Work with configurable 10 Gigabit portsNetwork Port 11 XFP Port CAM Understand filter interactionsFlow diagram now looks as follows N1.1 ipproto=UDP action=drop N1.1 m.1 Exclusive filtersUnderstand pending and active filters To change the Director filter configurationEnter filter list to view the pending filter list Filter capacity User interactionsDaisy-chaining Multiple Director Chassis Specifications, chassis Appendix a Director SpecificationsAvailable Models Specifications, DNMEnvironmental CertificationsCommand Sub-Command Parameters Example and description Appendix B Command Line InterfaceSrc=10.1.1.1 action=drop Command may includeFilter add and filter ins commands Filter add ipv6=n inports=n1.1-n1.3 ipFilter sync Load myconfiguration-1Filter list Filter runningPing Save myconfiguration-1Show myconfiguration-1 PasswdTime Sysip commitSysip ipaddr=192.168.1.2 netmask=255.255.0.0 Sysip showIs only This This command is only available at root level CommandUser show User add name=bob pw=bob-pw priv=3Director Filter Parameters Qual Value Example Description Filter parametersNum Keyword Protocol Appendix C Protocol NumbersMobile L2TP Limitations on Warranty and Liability By Net Optics, Inc. All Rights Reserved
Top Page Image Contents