D-Link NetDefendOS User Manual page 185

Network security firewall
Promiscuous Mode
In most situations, an interface will run in normal, non-promiscuous mode. This means that when
an arriving packet has a destination MAC address which does not match the MAC address of the
receiving interface, the packet is discarded by the interface without being passed on to
NetDefendOS for processing. However, this behavior is incorrect with the following
NetDefendOS features:
Multicast
High Availability
OSPF
For these features, the packet needs to be passed to NetDefendOS even though there is a
mismatch of MAC addresses. To do this, promiscuous mode must be enabled on the interface but
the administrator does not need to do this manually. NetDefendOS will automatically switch an
interface to promiscuous mode when required. With multicast only, the automatic usage of
promiscuous mode can be controlled using the Ethernet object property Receive Multicast Traffic
which has a default value of Auto so the correct mode is selected by NetDefendOS.
The current mode of an Ethernet interface can be viewed by using the ifstat <ifname> command
and looking at the value for Receive Mode. This value will be Normal for non-promiscuous mode
or it will be set automatically by NetDefendOS to Promiscuous as shown in the CLI example
below (note that the output is truncated here):
gw-world:/> ifstat If1
Iface If1
Builtin e1000 - Gigabit Ethernet Bus 0 Slot 4 Port 0 IRQ 0
Media         : "Autonegotiated"
Link Status   : 100 Mbps Full Duplex
Receive Mode  : Promiscuous
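As an added example (not part of the D-Link manual), the Python code below parses saved ifstat output in the layout shown above and lists interfaces whose Receive Mode is Promiscuous although Multicast, High Availability or OSPF is not expected on them. The If2 and If3 transcripts, the function names and the expected set are constructed assumptions.

```python
import re

# Constructed sample: saved `ifstat <ifname>` output. If1 follows the manual's
# example; If2 and If3 are invented for illustration.
SAMPLE = """\
gw-world:/> ifstat If1
Iface If1
Builtin e1000 - Gigabit Ethernet Bus 0 Slot 4 Port 0 IRQ 0
Media         : "Autonegotiated"
Link Status   : 100 Mbps Full Duplex
Receive Mode  : Promiscuous
gw-world:/> ifstat If2
Iface If2
Media         : "Autonegotiated"
Link Status   : 1000 Mbps Full Duplex
Receive Mode  : Normal
gw-world:/> ifstat If3
Iface If3
Link Status   : 100 Mbps Full Duplex
Receive Mode  : Promiscuous
"""

IFACE = re.compile(r"Iface\s+(\S+)$")
FIELD = re.compile(r"([A-Za-z ]+?)\s*:\s*(.*)$")  # "Name : value" lines only

def parse_ifstat(text):
    """Return {interface: {field: value}} from concatenated ifstat output."""
    stats, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := IFACE.match(line)):
            current = stats.setdefault(m.group(1), {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2).strip().strip('"')
    return stats

def unexpected_promiscuous(stats, expected):
    """Names in promiscuous mode that are not in `expected` (hypothetical
    admin-maintained set of interfaces running Multicast, HA or OSPF)."""
    return sorted(name for name, fields in stats.items()
                  if fields.get("Receive Mode") == "Promiscuous"
                  and name not in expected)

if __name__ == "__main__":
    stats = parse_ifstat(SAMPLE)
    for name, fields in stats.items():
        print(name, fields.get("Receive Mode", "unknown (output truncated)"))
    print("review:", unexpected_promiscuous(stats, expected={"If1"}))
```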
Changing the IP address of an Ethernet Interface
To change the IP address on an interface, we can use one of two methods:
Change the IP address directly on the interface. For example, if we want to change the IPv4
address of the lan interface to 10.1.1.2, we could use the CLI command:
gw-world:/> set Interface Ethernet lan IP=10.1.1.2
As explained next, this way of changing the IPv4 address is not recommended.
Instead, the lan_ip object in the NetDefendOS Address Book should be assigned the new
address since it is this object that is used by many other NetDefendOS objects such as IP
rules. The CLI command to do this would be:
gw-world:/> set Address IP4Address InterfaceAddresses/lan_ip Address=10.1.1.2
This same operation could also be done through the Web Interface.
A summary of CLI commands that can be used with Ethernet interfaces can be found in
Section 3.4.2.1, "Useful CLI Commands for Ethernet Interfaces".
The Difference Between Logical and Physical Ethernet Interfaces
The difference between logical and physical interfaces can sometimes be confusing. The logical
Chapter 3: Fundamentals
