Basic Configuration
Basic Configuration
The most basic IP and MAC filter policies must have the following:
•
•
•
•
The following example displays a sample configuration of an IP filter policy. The configuration
blocks all incoming TCP session except Telnet and allows all outgoing TCP sessions from IP net
10.67.132.0/24.
A:ALA-1>config>filter# info
----------------------------------------------
----------------------------------------------
A:ALA-1>config>filter#
Page 104
A filter ID
Template scope, either exclusive or template
Default action, either drop or forward
At least one filter entry
→ Specified action, either drop or forward
→ Specified matching criteria
Figure 3
depicts the interface to apply the filter.
ip-filter 3 create
entry 10 create
match protocol 6
dst-port eq 23
src-ip 10.67.132.0/24
exit
action forward
exit
entry 20 create
match protocol 6
tcp-syn true
tcp-ack false
exit
action drop
exit
exit
Ingress
Filter
TCP Connection
Figure 3: Applying an IP Filter to an Ingress Interface
ALA-1
OSRG007
7210 SAS M, X Router Configuration Guide