Filters – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual
NOTE
You cannot add or remove individual filters in the group. To add or remove a filter on an interface, apply
the filter group again containing all the filters you want to apply to the port.
NOTE
If you apply a filter group to a port that already has a filter group applied, the older filter group is
replaced by the new filter group.
When a MAC address filter is applied to or removed from an interface, a Syslog message such as the
following is generated.
SYSLOG: <14>Jan 1 00:00:00 10.44.9.11 MAC Filter applied to port 0/1/2 by tester from telnet session (filter id=5 ).
SYSLOG: <14>Jan 1 00:00:00 10.44.9.11 MAC Filter removed from port 0/1/2 by tester from telnet session (filter id=5 ).
The Syslog messages indicate that a MAC address filter was applied to or removed from the specified
port by the specified user during the specified session type. Session type can be Console, Telnet, SSH,
Web, SNMP, or others. The filter IDs that were added or removed are listed.
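The following is an added example, not part of the Brocade guide: a Python sketch that parses the apply/remove messages shown above on a log collector and flags filter removals and changes made over Telnet. The function names, the choice of which session types count as cleartext, and the handling of several filter IDs in one message are assumptions.

```python
import re

# Layout taken from the guide's two sample messages; all names here are hypothetical.
EVENT_RE = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"MAC Filter (?P<action>applied to|removed from)\s+port\s+(?P<port>\S+)\s+by\s+(?P<user>\S+)"
    r"\s+from\s+(?P<session>.+?)\s+session\s*\(filter id=(?P<ids>[^)]*)\)"
)
# Assumption: which session types to treat as cleartext is local policy, not from the guide.
CLEARTEXT_SESSIONS = {"telnet"}

def parse_event(line):
    """Return a dict for a MAC filter apply/remove message, or None for any other line."""
    m = EVENT_RE.search(" ".join(line.split()))  # collapse padded whitespace first
    if m is None:
        return None
    pri = int(m["pri"])  # syslog PRI = facility * 8 + severity
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "timestamp": m["ts"],
        "device": m["host"],
        "action": "applied" if m["action"].startswith("applied") else "removed",
        "port": m["port"],
        "user": m["user"],
        "session": m["session"].lower(),
        # Assumption: several IDs, if present, are digits separated by any delimiter.
        "filter_ids": [int(n) for n in re.findall(r"\d+", m["ids"])],
    }

def review(lines):
    """Return (event, reasons) pairs for filter changes an analyst should look at."""
    findings = []
    for event in filter(None, map(parse_event, lines)):
        reasons = []
        if event["action"] == "removed":
            reasons.append("filter removed from port")
        if event["session"] in CLEARTEXT_SESSIONS:
            reasons.append("change made over cleartext session")
        if reasons:
            findings.append((event, reasons))
    return findings

# Constructed sample input: lines 1-2 are the guide's examples, lines 3-4 are made up.
SAMPLE = [
    "SYSLOG: <14>Jan 1 00:00:00 10.44.9.11 MAC Filter applied to port 0/1/2 by tester from telnet session (filter id=5 ).",
    "SYSLOG: <14>Jan 1 00:00:00 10.44.9.11 MAC Filter removed from port 0/1/2 by tester from telnet session (filter id=5 ).",
    "SYSLOG: <14>Jan 1 00:05:00 10.44.9.11 MAC Filter applied to port 0/1/3 by admin from SSH session (filter id=7 ).",
    "SYSLOG: <14>Jan 1 00:06:00 10.44.9.11 unrelated message (constructed)",
]
```

Calling review(SAMPLE) returns the two Telnet changes; the SSH change and the unrelated line are not flagged.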
Enabling logging of management traffic permitted by MAC address filters
You can configure the Brocade device to generate Syslog entries and SNMP traps for management
traffic that is permitted by MAC address filters. Management traffic refers to packets that are destined
for the CPU, such as control packets. You can enable logging of permitted management traffic
globally or on individual ports.
The first time an entry in a MAC address filter permits a management packet and logging is enabled for
that entry, the software generates a Syslog message and an SNMP trap. Messages for management
packets permitted by MAC address filters are logged at the Syslog warning level.
When the first Syslog entry for a management packet permitted by a MAC address filter is generated,
the software starts a five-minute timer. After this, the software sends Syslog messages every five
minutes. The messages list the number of management packets permitted by each MAC address filter
during the previous five-minute interval. If a MAC address filter does not permit any packets during the
five-minute interval, the software does not generate a Syslog entry for that MAC address filter.
NOTE
For a MAC address filter to be eligible to generate a Syslog entry for permitted management packets,
logging must be enabled for the filter. The Syslog contains entries only for the MAC address filters that
permit packets and have logging enabled.
When the software places the first entry in the log, the software also starts the five-minute timer for
subsequent log entries. Thus, five minutes after the first log entry, the software generates another log
entry and SNMP trap for permitted management packets.
FastIron Ethernet Switch Security Configuration Guide
53-1003088-03