Secure Switch Access

Secure Switch Access is a filtering program that prevents unauthorized access to the switch by
allowing you to define a list of filters and filter points. For Secure Switch Access, filters are
lists of source traffic that are allowed onto the switch. Filter points operate on IP protocols
that include FTP, Telnet, SNMP, TFTP, HTTP, and a custom IP protocol. Whenever any of these
filter points is enabled, all filters configured for that protocol are applied to incoming traffic
using the filter point protocol.
All access violations are logged. If a filter point is not enabled, its protocol is accessible to all users.

Configuring the Secure Switch Access Filter Database

Use the secdefine command to view and configure the database of secure access filters. This
database includes information on filter names, source IP addresses, source MAC addresses,
and the physical ports receiving data.
The following is a sample secdefine display:
Secure Access Filter Database
List (l) :
Create (c):
Delete (d):
Modify (m):
Find (f):
Help (h):
Quit (q):
Enter selection:
Select an option by entering the relevant letter at the selection prompt. To exit this menu,
enter q (quit). Descriptions and sample displays for each of the options are as follows:
List
This is a list of all defined filters. A filter determines what traffic is allowed on the switch. The
list includes information on the filter’s name, IP Address, MAC Address, and physical port
receiving the user’s data. The following is a sample display:
               Source IP       Source MAC          Slot   Port
Filter Name    Address         Address             #      #
----------------------------------------------------------------
Engineering    198.34.56.10    0:23:da:67:97:e4    4      1
Test           ANY             ANY                 7      3
Accounting     172.14.25.13    0:32:e4:a3:6f:e4    2      1
HR             198.34.56.15    ANY                 ANY    ANY
The value ANY displays if a field is left blank when configuring filter information through the
Create (c) option. The ANY value signifies a “don’t care” condition. When an inbound packet is
checked against a Filter Name to establish authorized access, the ANY fields are not checked.
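
The following Python model is an added example, not code from the switch or its documentation. It applies the ANY "don't care" rule to the four filters in the sample display; the function names, the assumption that all four filters belong to the filter point being checked, and the MAC normalization are illustrative assumptions.

```python
from typing import NamedTuple, Optional

ANY = "ANY"

class Filter(NamedTuple):
    name: str
    src_ip: str
    src_mac: str
    slot: str
    port: str

# Filters copied from the sample List display above.
FILTERS = [
    Filter("Engineering", "198.34.56.10", "0:23:da:67:97:e4", "4", "1"),
    Filter("Test", ANY, ANY, "7", "3"),
    Filter("Accounting", "172.14.25.13", "0:32:e4:a3:6f:e4", "2", "1"),
    Filter("HR", "198.34.56.15", ANY, ANY, ANY),
]

def norm_mac(mac: str) -> str:
    """Assumption: case and leading zeros in a MAC octet are insignificant."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def matches(f: Filter, src_ip, src_mac, slot, port) -> bool:
    """A field set to ANY is skipped; every other field must be equal."""
    if f.src_ip != ANY and f.src_ip != src_ip:
        return False
    if f.src_mac != ANY and norm_mac(f.src_mac) != norm_mac(src_mac):
        return False
    if f.slot != ANY and f.slot != str(slot):
        return False
    return f.port == ANY or f.port == str(port)

def check_access(enabled: bool, src_ip, src_mac, slot, port) -> Optional[str]:
    """Return the permitting filter name, "OPEN" if the filter point is
    disabled, or None for an access violation (which the switch logs)."""
    if not enabled:
        return "OPEN"
    for f in FILTERS:
        if matches(f, src_ip, src_mac, slot, port):
            return f.name
    return None

def wildcard_fields(f: Filter) -> list:
    """Audit helper: list the fields a filter leaves unchecked."""
    return [k for k, v in f._asdict().items() if v == ANY]
```

Running wildcard_fields over the database shows how broad each entry is: the Test filter admits any source address arriving on slot 7, port 3, and the HR filter admits 198.34.56.15 on any port.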