Filter
Top Products
Publication 1761-UM006A-EN-P - February 2001
4-14 ENI Configuration (Node 248 to 254)
The security masks default value is 0.0.0.0 out-of-box, which is
defined as “accept all register session requests”. A Security Mask of
255.255.255.255 is also defined as “accept all register session
requests”.
The follow examples illustrate the behavior of the security masks:
You can use one or two security masks. If you wish to use only one
security mask, use Security Mask 1 because it takes precedence over
Security Mask 2 (for example, if Security Mask 1 is accepted, Security
Mask 2 is not evaluated). Details of the relationship between the two
masks are shown in the following table.
TIP
The security mask acts as a filter on the source IP
address such that any mask octet set to the value of
255 becomes “don’t care” octets in the source IP
address and all other fields must match exactly.
Table 4.5 Security Mask Behavior
Example Condition Security Mask Behavior
If a security mask is set to 192.168.15.255 and an IP address 203.129.75. 23 attempts
to message into the controller
The packet is rejected because 203.129.75
does not equal 192.168.15 (the 4
th
octet, 23,
is “don’t care”).
and an IP address 192.168.15.76 attempts to
message into the controller
The packet is processed because the upper 3
octets match (the 4
th
octet is still “don’t
care”).
If a security mask is set to 192.168.255.76 All source IPs that equal 192.168.xxx.76 are
accepted because 255 is “don’t care”.
Table 4.6 Using Security Mask 1 and Security Mask 2
Example Condition Security Mask Behavior
Security masks 1 and 2 are evaluated using the following logic:
If the security mask 1 filter results in an
“Accept” decision
security mask 2 is not evaluated and the register session request is processed.
If the security mask 1 filter results in a
“Deny” decision
security mask 2 is evaluated as follows:
• If the security mask 2 filter results in an “Accept” decision, the register session
request is processed
• If the security mask 2 filter results in a “Deny” decision, the register session
request is not replied to and the socket is closed.