DXS/DWS-3200 series CLI Reference Guide
security-suite deny martian-addresses
The security-suite deny martian-addresses Global Configuration mode command denies packets containing
reserved IP addresses. Use the no form of this command to permit those addresses.
Syntax
security-suite deny martian-addresses {reserved | add {ip-address {mask | prefix-length}} | remove {ip-
address {mask | prefix-length}}
no security-suite martian-addresses
Parameters
•
ip-address — Specify the packets to discard, with that IP address as the source IP address or the destination
IP address.
•
mask — Specifies the network mask of the IP address.
•
prefix-length — Specifies the number of bits that comprise the IP address prefix. The prefix length must be
preceded by a forward slash (/).
•
reserved — Specify to discard packets with source address or destination address in the block of the
reserved IP addresses. See the usage guidelines for a list of reserved addresses.
Default Configuration
Martian addresses are allowed.
Command Mode
Global Configuration mode
User Guidelines
The following table describes the reserved addresses:
Add re ss bl oc k
0.0.0.0/8 (except 0.0.0.0/32 as
source address)
127.0.0.0/8
192.0.2.0/24
224.0.0.0/4 as source
240.0.0.0/4 (except
255.255.255.255/32 as destination
address)
Present use
Addresses in this block refer to source hosts on "this" network.
This block is assigned for use as the Internet host loopback address.
This block is assigned as "TEST-NET" for use in documentation and
example code.
This block, formerly known as the Class D address space, is allocated
for use in IPv4 multicast address assignments.
This block, formerly known as the Class E address space, is reserved.
Page 247