Creating Ip Filter Policy Rules; Deleting Ip Filter Policy Rules; Switch Session Transactions - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual
Hp storageworks fabric os 6.1.x administrator guide (5697-0234, november 2009)
Hide thumbs
Also See for A7533A - Brocade 4Gb SAN Switch Base:
- Administrator's manual (576 pages) ,
- Hardware reference manual (256 pages) ,
- User manual (248 pages)
Table of Contents
Advertisement
If none of the rules in the policy matches the incoming packet, the two implicit rules will be matched to the
incoming packet. If the rules still do not match the packet, the default action, which is to deny, will be
taken.
When the IPv4 or IPv6 address for the management interface of a switch is changed through the
ipAddrSet command or manageability tools, the active IP Filter policies will automatically become
enforced on the management IP interface with the changed IP address.
NOTE:
If a switch is part of a LAN behind a Network Address Translation (NAT) server, depending on the
NAT server configuration, the source address in an IP Filter rule may have to be the NAT server address.
Creating IP Filter policy rules
There can be a maximum of 256 rules created for an IP Filter policy. The change to the specified IP Filter
policy is not saved to the persistent configuration until a save or activate sub-command is run.
To add a rule to an IP Filter policy:
1.
Log in to the switch using an account assigned to the admin role.
2.
Type in the following command:
ipfilter --addrule <policyname> -rule <rule_number> -sip <source IP> -dp <dest
port> -proto <protocol> -act <permit | deny>
policyname
-rule rule
number
-sip source IP
-dp destination
port
-proto protocol
-act <permit |
deny>
Deleting IP Filter policy rules
Deleting a rule in the specified IP Filter policy causes the rules following the deleted rule to shift up in rule
order. The change to the specified IP Filter policy is not saved to persistent configuration until a save or
activate sub-command is run.
To delete a rule to an IP Filter policy:
1.
Log in to the switch using an account assigned to the admin role.
2.
Type in the following command:
ipfilter –-delrule <policyname> -rule <rule number>
Switch session transactions
A transaction is associated with a command line or manageability session. It is opened implicitly when the
create,
--
--
--transabort, --save, or --activate subcommands will explicitly end the transaction owned by
the current command line or manageability session. If a transaction is not ended, other command line or
manageability sessions are blocked on the sub-commands that would open a new transaction.
Specifies the policy name which is a unique string composed of a
maximum of 20 alphanumeric and underscore characters. The
names default_ipv4 and default_ipv6 are reserved for the default IP
Filter policies. The policy name is case-insensitive and always stored
as lower case.
Enter a valid rule number between 1 and the current maximum rule
number plus one.
Specifies the source IP address. For IPv4 filter type, the address must
be a 32-bit address in dot decimal notation, or a CIDR block IPv4
prefix. For IPv6 filter type, the address must be a 128-bit IPv6
address in any format specified by RFC, or a CIDR block IPv6
prefix.
Specifies the destination port number, or a range of port numbers,
or a service name.
Specifies the protocol type, either TCP or UDP.
Specifies the permit or deny action associated with this rule.
addrule,
delrule,
--
clone, and
delete subcommands are run. The
--
--
Fabric OS 6.1.x administrator guide 127
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
