HP StorageWorks Fabric OS 5.3.x administrator guide (5697-0244, November 2009)

For an IP Filter policy rule, users can select port numbers only in the well-known or registered port number ranges, between 0 and 49151, inclusive. This means that customers can control how the management services hosted on a switch are exposed, but cannot affect management traffic that is initiated from a switch. A valid port number range is represented by a dash, for example 7-30. Alternatively, service names can be used instead of port numbers. Table 36 lists the supported service names and their corresponding port numbers.

TCP and UDP protocols are valid selections. Fabric OS 5.3.0 does not support configuration to filter other protocols. Implicitly, ICMP type 0 and type 8 packets are always allowed to support ICMP echo request/reply on commands like ping and traceroute. For the action, only “permit” and “deny” are valid.

For every IP Filter policy, the two rules listed in Table 37 are always assumed to be appended implicitly to the end of the policy. This ensures that TCP and UDP traffic to dynamic port ranges is allowed, so that management IP traffic initiated from a switch, such as syslog, RADIUS, and FTP, is not affected.

A switch with Fabric OS 5.3.0 or later has a default IP Filter policy for IPv4 and IPv6. The default IP Filter policy cannot be deleted or changed. When an alternative IP Filter policy is activated, the default IP Filter policy becomes deactivated. Table 38 lists the rules of the default IP Filter policy.

Table 36 Supported services

Service name    Port number
https           443
rpc             897
secure rpc      898
snmp            161
ssh             22
sunprc          111
telnet          23
www             80

Table 37 Implicit IP Filter rules

Source address    Destination port    Protocol    Action
Any               1024-65535          TCP         Permit
Any               1024-65535          UDP         Permit

Table 38 Default IP policy rules

Rule number    Source address    Destination port    Protocol    Action
1              Any               22                  TCP         Permit
2              Any               23                  TCP         Permit
3              Any               897                 TCP         Permit
4              Any               898                 TCP         Permit
5              Any               111                 TCP         Permit
6              Any               80                  TCP         Permit
7              Any               443                 TCP         Permit
9              Any               161                 UDP         Permit
10             Any               111                 UDP         Permit
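
The rule constraints and the implicit rules of Table 37, modeled as an added example (not code from the guide or from Fabric OS). It assumes rules are checked in order with the first match deciding, ignores the source address (every rule shown uses Any) and ICMP, and returns None where no rule matches because this section does not state that outcome; CUSTOM_POLICY is a constructed policy.

```python
from dataclasses import dataclass

MAX_RULE_PORT = 49151  # rules may only name ports 0-49151 (well-known + registered)
# Table 37: always appended to the end of every policy
IMPLICIT = [("tcp", 1024, 65535, "permit"), ("udp", 1024, 65535, "permit")]

@dataclass(frozen=True)
class Rule:
    proto: str
    lo: int
    hi: int
    action: str

def parse_rule(proto, ports, action):
    """Validate one rule against the constraints stated in the text."""
    proto, action = proto.lower(), action.lower()
    if proto not in ("tcp", "udp"):
        raise ValueError("only TCP and UDP can be filtered")
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    lo, _, hi = str(ports).partition("-")  # "7-30" is a range, "22" a single port
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= MAX_RULE_PORT:
        raise ValueError("port must be within 0-49151")
    return Rule(proto, lo, hi, action)

def evaluate(policy, proto, port):
    """Action of the first matching rule (first-match order is an assumption).
    Returns None when nothing matches; the guide section does not state that case."""
    rules = list(policy) + [Rule(*r) for r in IMPLICIT]
    for r in rules:
        if r.proto == proto.lower() and r.lo <= port <= r.hi:
            return r.action
    return None

# Default policy as listed in Table 38 (order preserved, source is always Any)
DEFAULT_POLICY = [parse_rule(p, d, "permit") for p, d in [
    ("tcp", 22), ("tcp", 23), ("tcp", 897), ("tcp", 898), ("tcp", 111),
    ("tcp", 80), ("tcp", 443), ("udp", 161), ("udp", 111)]]

# Constructed policy: SSH and HTTPS only, plus an explicit deny on a high range
CUSTOM_POLICY = [
    parse_rule("tcp", 22, "permit"),
    parse_rule("tcp", 443, "permit"),
    parse_rule("tcp", "8000-8100", "deny"),
]
```

With CUSTOM_POLICY, TCP 9000 and TCP 50000 are still permitted by the implicit rules, and 50000 cannot be named in any rule because it lies above 49151.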