USER’S GUIDE

Because the Packet Types within the conditions specify both source and destination address information, Global application may often be sufficient to filter IP traffic across the entire system. However, the Input, Output and User-Based application points are defined in case the administrator needs to apply a finer level of filtering which cannot be obtained on a Global basis.

[Figure: Filter Application Points and Filter Execution Order. Diagram labels: IP Routing Process, GLOBAL, Network Interface (INPUT), Network Interface (OUTPUT), CONNECTION, USER. Example: order of execution of filter application points.]

Application to Network Interfaces

A forwarding filter is applied to an IP Network Interface through the IP Interface configuration. A filter may be applied to both the input and output stages of the Network Interface.

It is important to note that the Unnumbered WAN Interface which appears in the IP Interface configuration is simply the enabling condition for operation with unnumbered WAN links. The actual unnumbered Network Interfaces are created dynamically at run-time, with the name of the remote WAN device providing the unique identifier for the Interface. Consequently, when a filter is applied to the externally visible Unnumbered WAN Interface, it will apply to all dynamic unnumbered interfaces which are created internally at run-time. If it is desired to apply a filter to a specific unnumbered interface, this can be accomplished by applying a User-Based filter.

PACKET TYPES

A Packet Type is a set of comparisons which are made against the contents of an IP packet. It is the fundamental element of an IP filter condition. For a match to occur, ALL the constituent comparisons must yield a TRUE result. The type is composed of a common packet portion which specifies fields in the IP header, and a protocol-specific portion which references the upper-layer protocol fields and is dependent upon which Protocol field of the IP Header, if any, is used as a criterion.
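The matching rule described above, as an added Python example (not code from the manual or from the CyberSWITCH): a common portion compared against the IPv4 header, a protocol-specific portion consulted only when the Protocol field is a criterion, and a match only when every comparison is TRUE. The field selection (address prefixes, protocol number, destination port), the names `PacketType` and `build_ipv4`, the sample addresses, and the treatment of non-first fragments are assumptions of this example.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17

@dataclass
class PacketType:
    # Common portion: IPv4 header fields (field selection is an assumption).
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    protocol: Optional[int] = None   # None: Protocol field is not a criterion
    # Protocol-specific portion: only consulted when protocol is TCP or UDP.
    dst_port: Optional[int] = None

    def matches(self, pkt: bytes) -> bool:
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            return False                       # not a parsable IPv4 header
        ihl = (pkt[0] & 0x0F) * 4              # header length grows with IP options
        if ihl < 20 or len(pkt) < ihl:
            return False
        checks = [
            ipaddress.IPv4Address(pkt[12:16]) in ipaddress.ip_network(self.src),
            ipaddress.IPv4Address(pkt[16:20]) in ipaddress.ip_network(self.dst),
        ]
        if self.protocol is not None:
            checks.append(pkt[9] == self.protocol)
            if self.dst_port is not None and self.protocol in (TCP, UDP):
                frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
                # Ports exist only in the first fragment; this example treats a
                # missing port field as a failed comparison (its own choice).
                has_ports = frag_offset == 0 and len(pkt) >= ihl + 4
                checks.append(has_ports and
                              struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0] == self.dst_port)
        return all(checks)                     # ALL comparisons must be TRUE

def build_ipv4(src, dst, proto, payload, options=b"", frag_offset=0):
    """Construct a sample IPv4 packet (checksum left at 0; test data only)."""
    ihl_words = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                         ihl_words * 4 + len(payload), 0, frag_offset, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + options + payload

# Constructed sample data: a 20-byte TCP SYN header to port 23, and a Packet Type.
TCP_TO_TELNET = struct.pack("!HHIIBBHHH", 40000, 23, 0, 0, 5 << 4, 0x02, 1024, 0, 0)
TELNET_TO_LAN = PacketType(dst="192.0.2.0/24", protocol=TCP, dst_port=23)
```

Reading the port at an offset derived from the header length field, rather than at a fixed byte 20, keeps the protocol-specific comparison correct when IP options are present.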

Enterasys Networks CSX6000, CSX5500, CSX7000 manual Application to Network Interfaces