Alcatel-Lucent 7750 SR OS Service Manual page 732
Service router - mobile gateway
Hide thumbs
Also See for 7750 SR OS:
- Manual (1948 pages) ,
- Interface configuration manual (628 pages) ,
- System configuration manual (484 pages)
Table of Contents
Advertisement
IES Service Configuration Commands
or disables the transmission of packets destined to the subnet broadcast address of the egress IP
interface.
When enabled, a frame destined to the local subnet on this IP interface will be sent as a subnet
broadcast out this interface. Care should be exercised when allowing directed broadcasts as it is a
well-known mechanism used for denial-of-service attacks.
When disabled, directed broadcast packets discarded at this egress IP interface will be counted in the
normal discard counters for the egress SAP.
By default, directed broadcasts are not allowed and will be discarded at this egress IP interface.
The no form of this command disables the forwarding of directed broadcasts out of the IP interface.
Default
no allow-directed-broadcasts - Directed broadcasts are dropped.
anti-spoof
Syntax
anti-spoof {ip | mac | ip-mac}
no anti-spoof
Context
config>service>ies>if>sap
Description
This command enables anti-spoof filtering and optionally changes the anti-spoof matching type for
the SAP.
The type of anti-spoof filtering defines what information in the incoming packet is used to generate
the criteria to lookup an entry in the anti-spoof filter table. The type parameter (ip or ip-mac) defines
the anti-spoof filter type enforced by the SAP when anti-spoof filtering is enabled.
The no form of the command disables anti-spoof filtering on the SAP.
Default
no anti-spoof
Parameters
ip — Configures SAP anti-spoof filtering to use only the source IP address in its lookup. If a static
mac — Configures SAP anti-spoof filtering to use only the source MAC address in its lookup.
ip-mac — Configures SAP anti-spoof filtering to use both the source IP address and the source MAC
anti-spoof
Syntax
anti-spoof {ip | ip-mac}
no anti-spoof
Context
config>service>ies>sub-if>grp-if>sap
Page 732
host exists on the SAP without an IP address specified, the anti-spoof type ip command will fail.
Setting the anti-spoof filter type to mac is not allowed on non-Ethernet encapsulated SAPs. If a
static host exists on the SAP without a specified MAC address, the anti-spoof type mac
command will fail. The anti-spoof type mac command will also fail if the SAP does not support
Ethernet encapsulation.
address in its lookup. If a static host exists on the SAP without both the IP address and MAC
address specified, the anti-spoof type ip-mac command will fail. This is also true if the default
anti-spoof filter type of the SAP is ip-mac and the default is not overridden. The anti-spoof type
ip-mac command will also fail if the SAP does not support Ethernet encapsulation.
7750 SR OS Services Guide
Advertisement
Table of Contents
