Firewall Filter Types Layer 3
Firewall Filters Layer 3 Switch Security
Firewalls are a popular choice for restricting network traffic at layer 3
Stateless Firewalls: each packet is evaluated on its own against the rules, with no memory of earlier packets
Stateful Firewalls: track the state of connections, so return traffic for an allowed session is permitted automatically
Firewall filter: accepts or denies traffic entering or exiting an interface
Firewall filters can be applied to:
-VLANs
-Switch ports
-RVIs (routed VLAN interfaces)
*EX Series switch firewall filters are stateless
Firewall filters are programmed into the switch's TCAM (hardware filter memory), so filter size is bounded by TCAM capacity
Firewall Filter Types
Port Firewall Filter:
Used on switch ports. Filters match MAC addresses, and IPv4 and IPv6 addresses
Can be applied as ingress only
For example: if you apply a port filter to ge-0/0/1, it only affects the ge-0/0/1 interface on that switch
VLAN Firewall Filter:
Can be applied against a VLAN
Filters are matched against layer 2 and layer 3
Filters match against IPv4 and IPv6 addresses and MAC addresses
Filters can be applied as ingress or egress
Router Firewall Filters
Can be applied against RVIs and routed ports
Filters are matched against layer 3
Filters match IPv4 and IPv6 addresses
Filters may also be applied to interface lo0 (to protect traffic destined to the switch's own routing engine)
Filters can be applied as ingress or egress
Also MAC address filters can apply IPv4 and IPv6 f
Processing Order
Terms are evaluated in the order they are listed, from top to bottom
Firewall Filter components:
Filter group
Only a single firewall filter may be applied to a switch port, VLAN or RVI (per direction)
A filter group can have up to 1024 terms
Terms
Criteria to match against are set using the “from” clause
The “from” clause can match IP addresses, TCP/UDP ports and protocols
Once traffic matches a term, the action in its “then” statement is applied and no further terms are evaluated
Implicit deny
*****If no term is matched, the packet is automatically dropped (silently discarded)
Match Criteria and Actions
Matches are set using a “from” statement
Many criteria can be used with the “from” statement (IP addresses, ports, MAC addresses and VLANs)
Match Criteria-Destination
Destination IP address
Destination MAC address
Destination port
Destination prefix-list
Match Criteria-Source
Source IP address
Source MAC address
Source port
Source prefix-list
Match Criteria-Layer 2
802.1Q (dot1q) tag
EtherType
VLANs
Match Criteria-QoS
Match on QoS markings (e.g. DSCP); priority traffic could be VoIP or video conferencing
Match Criteria-Ingress Only
TCP flags
tcp-initial (packets with SYN set and ACK clear, i.e. new connection attempts)
Fragment flags
Firewall Actions
Accept
Reject (drops the packet and sends an ICMP message back to the source)
Discard (silently drops the packet or frame; nothing is sent back to the source)
Action Modifiers
Count (increments a named counter, viewed with “show firewall”)
Syslog (sends a message to the system log)
Log (records the match in the filter log buffer, viewed with “show firewall log”)
Action Modifiers - QoS
Forwarding class
Loss priority
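As an added worked example (not part of the original notes), the following Junos configuration ties the three filter types above to the term/match/action structure described in the later sections: a port filter applied ingress on a switch port, a VLAN filter mixing layer 2 and layer 3 criteria, and a router filter applied to lo0. It assumes a pre-ELS EX Series switch (ELS platforms rename some ethernet-switching match keywords, e.g. ip-source-address, and attach VLAN filters under forwarding-options), the interface ge-0/0/1, a VLAN named GUEST with ID 200, and a management prefix of 10.250.0.0/24; the filter, term and counter names are all hypothetical. Check each keyword against the CLI's "?" help for your release before committing.

```junos
firewall {
    /* Port and VLAN filters use family ethernet-switching (stateless, held in TCAM). */
    family ethernet-switching {
        filter ACCESS-PORT-IN {
            /* Terms are evaluated top to bottom; the first matching term's "then" is final. */
            /* count and log are action modifiers; discard drops silently (no ICMP). */
            term drop-telnet {
                from {
                    protocol tcp;
                    destination-port 23;
                }
                then {
                    count telnet-dropped;
                    log;
                    discard;
                }
            }
            /* Explicit catch-all: without it the implicit deny drops everything unmatched. */
            term allow-rest {
                then accept;
            }
        }
        filter GUEST-VLAN-IN {
            /* VLAN filters can mix layer 2 and layer 3 criteria in one term. */
            term block-guest-to-corp {
                from {
                    ether-type ipv4;
                    destination-address 10.0.0.0/8;
                }
                then discard;
            }
            term allow-rest {
                then accept;
            }
        }
    }
    /* Router filters use family inet; the same filter could sit on an RVI or on lo0. */
    family inet {
        filter PROTECT-RE {
            term allow-mgmt-ssh {
                from {
                    source-address 10.250.0.0/24;
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            /* syslog is the third action modifier: one system-log message per hit. */
            term drop-other-ssh {
                from {
                    protocol tcp;
                    destination-port ssh;
                }
                then {
                    syslog;
                    discard;
                }
            }
            term allow-rest {
                then accept;
            }
        }
    }
}
interfaces {
    /* Port filter: ingress only. */
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                filter {
                    input ACCESS-PORT-IN;
                }
            }
        }
    }
    /* Router filter on lo0: covers all traffic destined to the routing engine,
       whichever RVI or routed port it arrives on. */
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-RE;
                }
            }
        }
    }
}
vlans {
    /* VLAN filter: input or output. */
    GUEST {
        vlan-id 200;
        filter {
            input GUEST-VLAN-IN;
        }
    }
}
```

After committing, "show firewall" displays the telnet-dropped counter and "show firewall log" the entries produced by the log modifier; the PROTECT-RE filter is the pattern used to limit who can open SSH to the switch itself, and its final allow-rest term is what keeps the implicit deny from also dropping routing and management protocols you forgot to list.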