[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Changing the Default Forwarding Behavior

By default, Layer 2 forwarding on the device allows or denies traffic specified by the configured policy and allows ARP and Layer 2 non-IP multicast and broadcast traffic. You can configure the device to block all Layer 2 non-IP and non-ARP traffic.

Before You Begin

For background information, read Understanding Security Policies in Transparent Mode.

You can use either J-Web or the CLI configuration editor to change the default fowarding behavior on the device.

This topic covers:

J-Web Configuration

To block all Layer 2 non-IP and non-ARP traffic:

  1. Select Configuration>View and Edit>Edit Configuration.

    The Configuration page appears.

  2. Click Security.
  3. Next to Flow, click Edit or Configure.
  4. Next to Bridge, click Configure.
  5. Select Block non ip all.
  6. Click OK to return to the Flow page.
  7. Click OK to return to the Security page.

To allow all Layer 2 non-IP traffic to pass through the device:

  1. Select Configuration>View and Edit>Edit Configuration.

    The Configuration page appears.

  2. Click Security.
  3. Next to Flow, click Edit or Configure.
  4. Next to Bridge, click Configure.
  5. Select Bypass non ip unicast.
  6. Click OK to return to the Flow page.
  7. Click OK to return to the Security page.

CLI Configuration

To block all Layer 2 non-IP and non-ARP traffic:

user@host# set security flow bridge block-non-ip-all

To allow all Layer 2 non-IP traffic to pass through the device:

user@host# set security flow bridge bypass-non-ip-unicast

Related Topics

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]