DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Managed Switch
CPU Interface Filtering
Due to a chipset limitation and the need for extra switch security, the DES-30xx switch series incorporates CPU Interface
filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for
packets destined for the Switch’s CPU interface. Employed similarly to the Access Profile feature previously mentioned, CPU
interface filtering examines Ethernet, IP and Packet Content Mask packet headers destined for the CPU and will either forward
them or filter them, based on the user’s implementation. As an added feature for the CPU Filtering, the Switch allows the CPU
filtering mechanism to be enabled or disabled globally, permitting the user to create various lists of rules without immediately
enabling them.
Creating an access profile for the CPU is divided into two basic parts. The first is to specify which part or parts of a frame the
Switch will examine, such as the MAC source address or the IP destination address. The second part is entering the criteria the
Switch will use to determine what to do with the frame. The entire process is described below.
CPU Interface Filtering State
In the following window, the user may globally enable or disable the CPU Interface Filtering mechanism by using the pull-down
menu to change the running state. To access this window, click ACL > CPU Interface Filtering > CPU Interface Filtering
State. Choose Enabled to enable CPU packets to be scrutinized by the Switch and Disabled to disallow this scrutiny.
Figure 9- 15. CPU Interface Filtering State window
CPU Interface Filtering Profile Table
Click ACL > CPU Interface Filtering > CPU Interface Filtering Table to display the CPU Access Profile Table entries created
on the Switch. To view the configurations for an entry, click the hyperlinked Profile ID number.
Figure 9- 16. CPU Interface Filtering Table window
To add an entry to the CPU Interface Filtering Profile Table window, click the Add button. This will open the CPU Interface
Filtering Profile Configuration window, as shown below. There are three CPU Access Profile Configuration windows; one for
Ethernet (or MAC address-based) profile configuration, one for IP address-based profile configuration and one for the Packet
Content Mask. Users can switch between the three CPU Access Profile Configuration windows by using the Type drop-down
menu. The window shown below is for Ethernet CPU Interface Filtering Configuration.
123
To Next Page
Loading...
Need help?
General