3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

CHAPTER 8: TRANSPARENT FIREWALL
By default, no MAC address-based ACL is applied to the interface.
Note: To apply MAC address-based ACLs to interfaces, you must first set the
firewall to transparent mode. Otherwise, the system displays the prompt
"Please firstly active the Transparent mode!"

Configuring Aging Time of the MAC Forwarding Table
Aging time of the MAC forwarding table refers to the lifetime of a MAC
forwarding table entry and is determined by the aging timer. When the timer
expires, the corresponding entry will be removed from the MAC forwarding table.
Perform the following configuration in system view.
By default, the aging time of the MAC forwarding table is 300 seconds.

Defining Allowed Packet Types
You can configure the transparent firewall to allow BPDU (bridge protocol data
unit), DLSw (data link switching) or IPX (internetwork packet exchange) packets to
pass.
Perform the following configuration in system view.
By default, the firewall filters out all packets.

Displaying and Debugging Transparent Firewall
Use the commands listed in Table 119 to view the configuration information about
transparent firewall and enable debugging for transparent firewall configuration.
Execute the display command in any view, and execute the debugging and
reset commands in user view.

Table 116 Apply MAC address-based ACL to the interface

Operation                                          Command
Remove the MAC address-based ACL on the interface  undo firewall ethernet-frame-filter { inbound | outbound }

Table 117 Configure aging time of the MAC forwarding table

Operation                                                   Command
Configure the aging time of the MAC forwarding table        firewall transparent-mode aging-time seconds
Restore the default aging time of the MAC forwarding table  undo firewall transparent-mode aging-time

Table 118 Define allowed packet types

Operation                                                                    Command
Define the type of packets that are allowed to pass the transparent firewall  firewall transparent-mode transmit { bpdu | dlsw | ipx }
Define the type of packets that are not allowed to pass                       undo firewall transparent-mode transmit { bpdu | dlsw | ipx }
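
The following audit helper is an added example, not part of the 3Com guide. It replays a sequence of the aging-time and transmit commands from Tables 117 and 118 and reports where the resulting settings differ from the documented defaults (300 seconds, no packet types allowed). The function names, the one-command-per-line input and the rule that later commands override earlier ones are assumptions made for the example.

```python
import re

DEFAULT_AGING = 300  # seconds; default stated on the page
PACKET_TYPES = ("bpdu", "dlsw", "ipx")  # keywords of the transmit command
PREFIXES = ("firewall transparent-mode", "undo firewall transparent-mode")
AGING_RE = re.compile(r"^firewall transparent-mode aging-time (\d+)$")
TRANSMIT_RE = re.compile(r"^firewall transparent-mode transmit (bpdu|dlsw|ipx)$")

def effective_settings(lines):
    """Replay commands in order; return (aging_seconds, allowed_types, unparsed)."""
    aging, allowed, unparsed = DEFAULT_AGING, set(), []
    for raw in lines:
        line = " ".join(raw.split())  # normalize whitespace
        if not line.startswith(PREFIXES):
            continue  # not one of the commands covered here
        undo = line.startswith("undo ")
        cmd = line[5:] if undo else line
        m_age, m_tx = AGING_RE.match(cmd), TRANSMIT_RE.match(cmd)
        if undo and cmd == "firewall transparent-mode aging-time":
            aging = DEFAULT_AGING  # undo restores the default
        elif m_age and not undo:
            aging = int(m_age.group(1))
        elif m_tx:
            (allowed.discard if undo else allowed.add)(m_tx.group(1))
        else:
            unparsed.append(line)  # unknown variant: report it, do not guess
    return aging, allowed, unparsed

def findings(lines):
    """List every deviation from the defaults documented on the page."""
    aging, allowed, unparsed = effective_settings(lines)
    out = []
    if aging != DEFAULT_AGING:
        out.append(f"aging-time is {aging}s (default {DEFAULT_AGING}s)")
    out += [f"{p} packets are allowed to pass" for p in PACKET_TYPES if p in allowed]
    out += [f"unrecognized command: {u}" for u in unparsed]
    return out

# Constructed sample command sequence, not output captured from a real device.
SAMPLE = """\
firewall transparent-mode aging-time 600
firewall transparent-mode transmit bpdu
firewall transparent-mode transmit ipx
undo firewall transparent-mode transmit ipx
firewall transparent-mode transmit dlsw extra
""".splitlines()

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```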