Security
(2 of 2)
4.2 Configuring Security with CLI
This section provides information to configure security using the Command Line
Interface (CLI).
4.2.1
4.2.1.1
The node has traffic management and queuing hardware dedicated to protecting the
control plane. CPU filters can be created on this hardware. These filters can be used
to drop or accept packets for traffic directed to the control processors.
CPU filters control all traffic going in to the CPU, including all routing protocols.
They apply to packets from all ports. The packet filtering is on the hardware using no
resources on the main CPU.
Use the following CLI command to configure a CPU filter:
configure>system>security
44
Field
Definition
T'[i]
End time after which
key[i] cannot be used by
receiving TCPs
Security Configuration Procedures
Configuring IP CPU Filters
cpu-filter
default-action {accept | drop}
ip-filter
entry entry-id
action {accept | drop}
description description-string
match [protocol protocol-id]
dscp dscp-name
dst-ip {ip-address/mask|ip-address netmask}
dst-port [tcp/udp port-number] [mask]
fragment {true|false}
icmp-code icmp-code
icmp-type icmp-type
option-present {true|false}
service service-id
src-ip {ip-address/mask|ip-address netmask}
src-port src-port-number [mask]
tcp-ack {true|false}
tcp-syn {true|false}
renum old-entry-id new-entry-id
3HH-11982-AAAA-TQZZA
"FD 100/320Gbps NT and FX NT IHub System
Basics, Management and OAM Guide"
CLI
configure>system>security>keychain>direction>uni>receive
>entry>endtime
Issue: 10