The security masks' default value is 0.0.0.0.
TIP
The security mask acts as a filter on the source IP address: any mask octet set to the value of 255 makes the corresponding octet of the source IP address a “don’t care” octet, and all other octets must match exactly.
The following examples illustrate the behavior of the security masks:
Table 4.5 Security Mask Behavior
| Example Condition | Security Mask Behavior |
|---|---|
| If a security mask is set to 192.168.15.255 and an IP address 203.129.75.23 attempts to message into the controller | The packet is rejected because 203.129.75 does not equal 192.168.15 (the 4th octet, 23, is “don’t care”). |
| If a security mask is set to 192.168.15.255 and an IP address 192.168.15.76 attempts to message into the controller | The packet is processed because the upper 3 octets match (the 4th octet is still “don’t care”). |
| If a security mask is set to 192.168.255.76 | All source IPs that equal 192.168.xxx.76 are accepted because 255 is “don’t care”. |
You can use one or two security masks. If you wish to use only one security mask, use Security Mask 1 because it takes precedence over Security Mask 2 (for example, if Security Mask 1 is accepted, Security Mask 2 is not evaluated). Details of the relationship between the two masks are shown in the following table.
Table 4.6 Using Security Mask 1 and Security Mask 2
Security masks 1 and 2 are evaluated using the following logic:
| Example Condition | Security Mask Behavior |
|---|---|
| If the security mask 1 filter results in an “Accept” decision | security mask 2 is not evaluated and the register session request is processed. |
| If the security mask 1 filter results in a “Deny” decision | security mask 2 is evaluated as follows: • If the security mask 2 filter results in an “Accept” decision, the register session request is processed. • If the security mask 2 filter results in a “Deny” decision, the register session request is not replied to and the socket is closed. |
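The matching rule and the two-mask evaluation order described above, written out as an added Python example (not code from this publication or the controller firmware) that also counts how many source addresses a given mask admits, which is useful when reviewing a configuration. The function names, the use of None for an unused Security Mask 2, and the sample source addresses are assumptions; the behavior of the default 0.0.0.0 value is not modeled because the text does not describe it.

```python
import ipaddress

WILDCARD = 255  # per the text: a mask octet of 255 is "don't care"

def mask_accepts(mask, source_ip):
    """True if source_ip passes one security mask (non-255 octets must match exactly)."""
    mask_octets = ipaddress.IPv4Address(mask).packed
    source_octets = ipaddress.IPv4Address(source_ip).packed
    return all(m == WILDCARD or m == s for m, s in zip(mask_octets, source_octets))

def addresses_admitted(mask):
    """Number of distinct source addresses one mask lets through (256 per wildcard octet)."""
    return 256 ** ipaddress.IPv4Address(mask).packed.count(WILDCARD)

def register_session_decision(mask1, mask2, source_ip):
    """Table 4.6 logic. mask2=None models 'only one mask in use' (assumption)."""
    if mask_accepts(mask1, source_ip):
        return ("accept", 1)          # mask 2 is not evaluated
    if mask2 is not None and mask_accepts(mask2, source_ip):
        return ("accept", 2)          # mask 1 denied, mask 2 accepted
    return ("deny", None)             # request not replied to, socket closed

if __name__ == "__main__":
    # Constructed inputs: masks from Table 4.5, plus made-up source addresses.
    m1, m2 = "192.168.15.255", "192.168.255.76"
    for src in ("203.129.75.23", "192.168.15.76", "192.168.40.76", "10.0.0.5"):
        print(src, register_session_decision(m1, m2, src))
    for m in (m1, m2, "255.255.255.255"):
        print(m, "admits", addresses_admitted(m), "source addresses")
```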