Filter
Top Products
3-134 Sun Fire B1600 Blade System Chassis Switch Administration Guide • June 2003
3.4.7 Filtering Traffic From the Down Link Ports to the
Management Port
You can configure the packet filtering to prevent specified IP traffic from reaching
the internal management port (NETMGT) from the down-link ports.
Note – Traffic is not allowed between up-link ports and the management port.
The system default is to stop all IP packets from passing from the down-link ports to
the management port (NETMGT). If you need the blades to access the management
network through the management port (NETMGT), you must set a filter to permit
specific frames to pass from the down-link ports to the management port.
When configuring filtering for the management port through the web interface or
CLI, the following parameters can be configured:
■ Rule – The rule number (between 1 and 128). A filter rule can be inserted at the
specified position in the table, pushing any existing patterns at or below that
location down in the table. A rule number cannot exceed the next available
number in the table. If the rule number is not specified, a new pattern is
appended to the end of the rule table.
■ Action – The control that blocks or allows packets passing from the down-link
ports into the management port. Select permit or deny.
■ Protocol – The protocol (either TCP, UDP, or Any), or protocol number (between 0
and 255).
■ Keyword Flags (Code Sequence) – A flag in byte 14 of the TCP header. You can
specify a sequence of codes (ON if selected and OFF if not selected). The symbolic
name and corresponding bit include these items:
■ fin (1) – Finish
■ syn (2) – Synchronize
■ rst (4) – Reset
■ psh (8) – Push
■ ack (16) – Acknowledgement
■ urg (32) – Urgent pointer
■ Code – The decimal number (between 0 and 63) representing a bit string that
specifies flag bits in byte 14 of the TCP header.
■ Bitmask – The decimal number representing a bit mask that is applied to the code.
Enter a decimal number, where the equivalent binary bit “1” means to match a bit
and “0” means to ignore a bit. Specify 32 (urg), 16 (ack), 8 (psh), 4 (rst), 2 (syn), or
1 (fin).