the most trusted source for computer security training, certification and research

Egress Filtering on Bay Routers

Revision: 1.9 - Date: 2006/05/10 15:17:49 GMT

Bay Networks uses a GUI to manage their routers that's called Site Manager. The steps listed below will be selections from the screens within Site Manager.

For outbound filters you have to have Protocol Priority configured on the interface.

To add Protocol Priority to an interface you start Site Manager selecting the router.
This will bounce the interface!!
 Select the interface.
  Edit Circuit
   Protocols
    Add
     Protocol Priority
     OK

To add the outbound filter.

 Select the interface.
  Edit Circuit
   Protocols
    Edit Protocol Priority
     Priority/Outbound Filters
      Template
       Create
        Filter name: Enter the FIRST outbound template name.
        Criteria
         Add
          IP
           IP
            Priority_IP Source Address
             minimum value ---| Enter the starting address and
             maximum value ---| ending address of the customers network . You don't enter a mask like Cisco.
             OK
        Action
         IP
          Add
           Accept
        OK
       Create
        Filter name: Enter the SECOND outbound template name.
        Criteria
         Add
          IP
           IP
            Priority_IP Source Address
             minimum value ---| 0.0.0.0
             maximum value ---| 255.255.255.255
             OK
        Action
         IP
          Add
           Drop
        Action
         IP
          Add
           Log
        OK
      Done
That was building the templates. You now have to build and apply the filters. You are still on the same screen.
      Create
       Filter name: Enter a new filter name
       Select the interface
       Select the FIRST template created
       OK
      Create
       Filter name: Enter a new filter name
       Select the interface
       Select the SECOND template created
      Done

Back out of the remaining screens normally. That has now applied outbound filters to the selected interface. You can check the logs and filter counters for hits and IP addresses.

<< Help Defeat Distributed Denial of Service Attacks: Step-by-Step

This is hands-down, the premiere training opportunity.
- Dan Mather, JICPAC

CDI 2008 :: Washington, DC :: Dec 10-16

Contact us: (301) 654-SANS(7267)
Monday - Friday 9am-8pm EST/EDT