Security46"FD 100/320Gbps NT and FX NT IHub SystemBasics, Management and OAM Guide"3HH-11982-AAAA-TQZZA Issue: 10entry 10 createaction dropdescription "CPU-Filter 2001::1/64 #101"exitentry 20 createno actiondescription "CPU-Filter 2010::1/64 #201"exitno shutdown----------------------------------------------A:ALA-49>configure>sys>sec>cpm>ipv6-filter#The following displays an IP/IPV6 CPU filter port and mask calculation example:TCP port number-2 bytesUDP port number-2 bytesThis section describes the use of L4 mask and gives some examples on L4 masks.The way that L4 masks work is similar to IP subnet masks. The L4 mask is a 2-bytehexadecimal number.Applying an L4 mask to a UDP/TCP port allows identification of the constant andvariable parts of the port number. The constant bits are represented by the 1s in themask, and the variable bits are represented by the 0s. Performing a bitwise logicalAND operation between the port number and the L4 mask results in the first portnumber of the range.For example, if the port is 2000 and the mask is 65532, 2000 = 0000011111010000and FFFC = 1111111111111100. The result after an AND operation is0000011111010000, and the last two bits can be stripped off, resulting in a range of00000111 11010011. So, 2000 - 2003 will be the range allowed with port number2000 and mask 65532.As noticed, the match on the above range causes variation of only the last 2 bits inthe entire number. The first bits always stay the same. If your range is continuous(that is.without "holes" in it), and this is exactly the case - such a range must bealigned so that the start has (N) least significant 0s and the end has (N) leastsignificant 1s.The size of the range (R) must be of the form 2^N (to guarantee trailing 0s). In thisexample, 2003 - 2000 + 1 = 4[*] which is 2^2.4.2.1.3 Configuring KeychainsThe following shows a keychain configuration.A:ALA-1>configure>system>security# info----------------------------------------------...keychain "abc"directionbientry 1 key "ZcvSElJzJx/wBZ9biCtOVQJ9YZQvVU.S" hash2
