4-14 ENI Configuration (Node 248 to 254)

The security mask's default value is 0.0.0.0 out of the box, which is defined as “accept all register session requests”. A security mask of 255.255.255.255 is also defined as “accept all register session requests”.

TIP

The security mask acts as a filter on the source IP address: any mask octet set to 255 becomes a “don’t care” octet in the source IP address, and all other fields must match exactly.

The following examples illustrate the behavior of the security masks:

Table 4.5 Security Mask Behavior

| Example Condition | Security Mask Behavior |
|---|---|
| If a security mask is set to 192.168.15.255 and an IP address 203.129.75.23 attempts to message into the controller | The packet is rejected because 203.129.75 does not equal 192.168.15 (the 4th octet, 23, is “don’t care”). |
| If a security mask is set to 192.168.15.255 and an IP address 192.168.15.76 attempts to message into the controller | The packet is processed because the upper 3 octets match (the 4th octet is still “don’t care”). |
| If a security mask is set to 192.168.255.76 | All source IPs that equal 192.168.xxx.76 are accepted because 255 is “don’t care”. |


You can use one or two security masks. If you wish to use only one security mask, use Security Mask 1 because it takes precedence over Security Mask 2 (for example, if Security Mask 1 is accepted, Security Mask 2 is not evaluated). Details of the relationship between the two masks are shown in the following table.

Table 4.6 Using Security Mask 1 and Security Mask 2

Security masks 1 and 2 are evaluated using the following logic:

| Example Condition | Security Mask Behavior |
|---|---|
| If the security mask 1 filter results in an “Accept” decision | security mask 2 is not evaluated and the register session request is processed. |
| If the security mask 1 filter results in a “Deny” decision | security mask 2 is evaluated as follows: if the security mask 2 filter results in an “Accept” decision, the register session request is processed; if the security mask 2 filter results in a “Deny” decision, the register session request is not replied to and the socket is closed. |
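
The filter and two-mask logic from Tables 4.5 and 4.6 as a small Python model for auditing a planned mask configuration, added here as an illustration and not taken from the manual or the ENI firmware. The function names are hypothetical, and treating an unused Security Mask 2 as `None` is an assumption, since the page does not say how the device handles it.

```python
from typing import Optional

# Both values are defined on the page as "accept all register session requests".
ACCEPT_ALL = ("0.0.0.0", "255.255.255.255")


def _octets(addr: str) -> list[int]:
    """Parse a dotted-quad string into four integers, rejecting malformed input."""
    parts = addr.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 value: {addr!r}")
    return [int(p) for p in parts]


def mask_accepts(mask: str, source_ip: str) -> bool:
    """True if a single security mask accepts the source IP."""
    m, s = _octets(mask), _octets(source_ip)
    if ".".join(map(str, m)) in ACCEPT_ALL:
        return True
    # A mask octet of 255 is "don't care"; every other octet must match exactly.
    return all(mo == 255 or mo == so for mo, so in zip(m, s))


def register_session_decision(source_ip: str, mask1: str,
                              mask2: Optional[str] = None) -> str:
    """Mask 1 takes precedence; mask 2 is consulted only after a mask 1 deny."""
    if mask_accepts(mask1, source_ip):
        return "processed"
    # Assumption: mask2=None means Security Mask 2 is not in use.
    if mask2 is not None and mask_accepts(mask2, source_ip):
        return "processed"
    return "no reply, socket closed"


def admitted_count(mask: str) -> int:
    """How many distinct source addresses a single mask lets through."""
    m = _octets(mask)
    if ".".join(map(str, m)) in ACCEPT_ALL:
        return 256 ** 4
    return 256 ** m.count(255)


if __name__ == "__main__":
    # Source addresses and masks from Table 4.5; the pairing of the two masks is constructed.
    for ip in ("203.129.75.23", "192.168.15.76", "192.168.7.76"):
        print(ip, "->", register_session_decision(ip, "192.168.15.255", "192.168.255.76"))
    print("default mask admits", admitted_count("0.0.0.0"), "addresses")
```

`admitted_count` makes the exposure of each mask explicit: every 255 octet multiplies the accepted source range by 256, and the out-of-box 0.0.0.0 accepts every address.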

 

 

Publication 1761-UM006A-EN-P - February 2001
