Chapter 2: About the HSIM-W6

Bridging and Routing Protocol Filtering

Filtering is used to allow efficient usage of network resources and provide security for your network and hosts.

IP Internet Firewall — The HSIM-W6 supports IP Internet Firewall filtering to prevent unauthorized access to your system and network resources from the Internet or a corporate Intranet. Security can be configured to permit or deny IP traffic. It is established by configuring IP access filters, which are based on source IP address, source mask, destination IP address, destination mask, protocol type, and application port identifiers for both the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). These IP access filters allow filtering on individual IP source and destination pairs, on IP address ranges, and with wildcards that match any IP address. The Firewall filters can be defined to allow inbound-only, outbound-only, or bidirectional IP communication up to the UDP and TCP application port level. Firewall access filters provide considerable flexibility for establishing a powerful IP security barrier.

The HSIM-W6 supports the IP Access Control (from the ctip-mib) Internet Firewall Filter.

Bridge Filtering — Bridge filtering allows a network administrator to control the flow of packets across the HSIM-W6. Bridge filtering can be used to “deny” or “allow” packets based on a “matched pattern” using a specified position and hexadecimal content within the packet. This enables restricting or forwarding of messages based on address, protocol, or data content. Common uses include preventing access to remote networks, controlling unauthorized access to the local network, and limiting unnecessary traffic.

The HSIM-W6 supports the following Bridge Filters:

dot1d.Static Filters (IETF RFC1493)

Ethernet Special Filtering Database (from the ctbridge-mib)
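
The position-and-hexadecimal-content matching described under Bridge Filtering, modelled in Python as an added example (it is not the HSIM-W6's own code or configuration syntax). The BridgeFilter class, the first-match ordering, the default "allow" action and the sample frames are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BridgeFilter:
    action: str     # "deny" or "allow"
    offset: int     # byte position in the frame where the pattern starts
    pattern: bytes  # hexadecimal content expected at that position

    def matches(self, frame: bytes) -> bool:
        end = self.offset + len(self.pattern)
        # A frame too short to hold the pattern at this position cannot match.
        return end <= len(frame) and frame[self.offset:end] == self.pattern

def decide(frame: bytes, filters, default: str = "allow") -> str:
    """Return the action of the first matching filter (ordering and default are assumed)."""
    for flt in filters:
        if flt.matches(frame):
            return flt.action
    return default

def eth_frame(dst: str, src: str, ethertype: int, payload: bytes = b"") -> bytes:
    """Build a constructed Ethernet II frame: dst MAC, src MAC, EtherType, payload."""
    return bytes.fromhex(dst) + bytes.fromhex(src) + ethertype.to_bytes(2, "big") + payload

# Constructed filters: protocol match at offset 12, source-address match at offset 6.
FILTERS = [
    BridgeFilter("deny", 12, bytes.fromhex("8137")),         # EtherType 0x8137 (IPX)
    BridgeFilter("deny", 6, bytes.fromhex("02000000beef")),  # one source MAC
]

# Constructed sample frames (locally administered MAC addresses).
SAMPLES = {
    "ipv4": eth_frame("ffffffffffff", "020000000001", 0x0800, b"\x45\x00"),
    "ipx": eth_frame("ffffffffffff", "020000000001", 0x8137),
    "blocked_host": eth_frame("020000000002", "02000000beef", 0x0800),
    # Same bytes as the IPX pattern, but in the payload (offset 14), so no match.
    "pattern_in_payload": eth_frame("ffffffffffff", "020000000001", 0x0800, b"\x81\x37"),
    "truncated": bytes.fromhex("ffffffffffff0200"),
}

def evaluate_samples() -> dict:
    return {name: decide(frame, FILTERS) for name, frame in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:20} {verdict}")
```

The pattern_in_payload and truncated cases show why the position matters: the same two bytes outside offset 12, or a frame that ends before the offset, fall through to the default action.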

System Passwords

System passwords allow you to control access to the HSIM-W6 by establishing three passwords. Each password provides varying levels of access to the HSIM-W6. The default password for each access level is preset to public.

The following definitions explain each of the three levels of access:

read-only: This access level allows reading of device parameters, not including system passwords.

18 HSIM-W6 User’s Guide

Cabletron Systems HSIM-W6 manual Bridging and Routing Protocol Filtering, System Passwords