Cpu Interface Filtering; Cpu Interface Filtering State Settings; Cpu Interface Filtering Table - D-Link DES-6500 - Switch User Manual
Modular layer 3 chassis ethernet switch
Hide thumbs
Also See for DES-6500 - Switch:
- Manual (352 pages) ,
- Cli manual (334 pages) ,
- Command line interface reference manual (267 pages)
Table of Contents
Advertisement
CPU Interface Filtering
Due to a chipset limitation and needed extra switch security, the xStack DES-6500 chassis switch incorporates CPU Interface
filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for
packets destined for the Switch's CPU interface. Employed similarly to the Access Profile feature previously mentioned, CPU
interface filtering examines Ethernet, IP and Packet Content Mask packet headers destined for the CPU and will either forward
them or filter them, based on the user's implementation. As an added feature for the CPU Filtering, the xStack DES-6500 chassis
switch allows the CPU filtering mechanism to be enabled or disabled globally, permitting the user to create various lists of rules
without immediately enabling them.
Creating an access profile for the CPU is divided into two basic parts. The first is to specify which part or parts of a frame the
Switch will examine, such as the MAC source address or the IP destination address. The second part is entering the criteria the
Switch will use to determine what to do with the frame. The entire process is described below.
Due to a backward compatability issue, when a user upgrades to R3 firmware (3.00-B33),
all settings previously configured for any ACL function (CPU ACL included) on the Switch
will be lost. We recommend that the user save a configuration file of current settings before
upgrading to R3 firmware.
CPU Interface Filtering State Settings
In the following window, the user may globally enable or disable the CPU Interface Filtering mechanism by using the pull-down
menu to change the running state. To access this window, click Configuration > CPU Interface Filtering > CPU Interface
Filtering State. Choose Enabled to enable CPU packets to be scrutinized by the Switch and Disabled to disallow this scrutiny.
CPU Interface Filtering Table
The CPU Interface Filtering Table displays the CPU Access Profile Table entries created on the Switch. To view the
configurations for an entry, click the hyperlinked Profile ID number.
To add an entry to the CPU Interface Filtering Table, click the Add button. This will open the CPU Interface Filtering
Configuration page, as shown below. There are three Access Profile Configuration pages; one for Ethernet (or MAC address-
based) profile configuration, one for IP address-based profile configuration and one for the Packet Content Mask. Users can
switch between the three Access Profile Configuration pages by using the Type drop-down menu. The page shown below is the
Ethernet CPU Interface Filtering Configuration page.
xStack DES-6500 Modular Layer 3 Chassis Ethernet Switch User Manual
Figure 6- 71. CPU Interface Filtering State Settings window
Figure 6- 72. CPU Interface Filtering Table
99
Advertisement
Table of Contents
