
Network Security Platform v5.1
700-2014C00
Release Notes
Enabling layer2 forwarding on ports and VLANs
This release of 5.1 provides new CLI commands to support layer2 forwarding. No security functions are applied to
packets forwarded with layer2 forwarding. McAfee recommends using layer2 forwarding for high latency applications.
Enable or disable TCP port for Layer2 forwarding
This command enables or disables a single port or a range of TCP ports. The first port number is mandatory.
The second port number is optional; when it is given, the two numbers define a range.
Syntax: layer2 forward tcp (enable|disable) <0-65535> [<0-65535>]
For example: “layer2 forward tcp enable 5” will enable layer2 forwarding on TCP port 5 alone, while “layer2
forward tcp enable 5 10” will enable layer2 forwarding on TCP ports from 5 to 10.
Enable or disable UDP port for Layer2 forwarding
This command enables or disables a single port or a range of UDP ports. The first port number is mandatory.
The second port number is optional; when it is given, the two numbers define a range.
Syntax: layer2 forward udp (enable|disable) <0-65535> [<0-65535>]
For example: “layer2 forward udp enable 5” will enable layer2 forwarding on UDP port 5 alone, while “layer2
forward udp enable 5 10” will enable layer2 forwarding on UDP ports from 5 to 10.
Enable or disable VLAN id for Layer2 forwarding
This command enables or disables a single VLAN ID or a range of VLAN IDs on all interfaces available on the
Sensor. The first VLAN ID is mandatory. The second VLAN ID is optional; when it is given, the two IDs define a range.
Syntax: layer2 forward vlan (enable|disable) <0-4095> [<0-4095>]
For example: “layer2 forward vlan enable 5” will enable layer2 forwarding on VLAN 5 alone on all interfaces,
while “layer2 forward vlan enable 5 10” will enable layer2 forwarding on VLANs within the range of 5 to 10 on all
interfaces.
Remove Layer2 forwarding on VLAN id or TCP/UDP port
This command removes all the ports or VLANs that are enabled for layer2 forwarding. For TCP/UDP, it
removes all the port numbers from 0 to 65535 that were enabled and also disables the layer2 forwarding feature for
TCP. Similarly, for VLAN, all the VLAN IDs from 0 to 4095 are cleared and the feature is disabled.
Syntax: layer2 forward clear (all|tcp|udp|vlan)
Show layer2 forward for port and vlan
“show layer2 forward all” shows all the TCP/UDP ports and the VLAN IDs (separated by
commas) that are enabled for layer2 forwarding. “show layer2 forward” returns the same result as “show layer2
forward all”.
Syntax: show layer2 forward (all|tcp|udp|vlan|<cr>)
Enable or disable VLAN on specific interface for Layer2 forwarding
This command enables or disables the VLAN on the interface as specified by the interface parameter.
Syntax: layer2 forward vlan (enable|disable) <0-4095> interface (all|1A-1B|2A-2B|….)
For example: “layer2 forward vlan enable 5 interface 3A-3B” will enable layer2 forwarding on VLAN 5 on
interface 3A-3B.
Enable or disable range of VLAN on specific interface for Layer2 forwarding
This command enables or disables the range of VLANs on the interface as specified by the interface parameter.
The first number represents the start of the range, while the second number represents the end.
Syntax: layer2 forward vlan (enable|disable) <0-4095> <0-4095> interface (all|1A-1B|2A-2B|….)
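Because no security functions are applied to layer2-forwarded packets, it is worth knowing exactly which ports and VLANs a set of these commands leaves uninspected. The following Python script is an added example, not McAfee code and not part of the release notes: it replays commands written in the syntax above and reports the resulting bypass set. The function names, the sample script and watch list, the inclusive ranges, and the handling of a VLAN disable with no interface given are assumptions.

```python
import re

# Grammar taken from the Syntax lines above; interface names are opaque tokens.
CMD = re.compile(
    r"^layer2 forward (?:(?P<kind>tcp|udp|vlan) (?P<op>enable|disable) (?P<lo>\d+)"
    r"(?: (?P<hi>\d+))?(?: interface (?P<ifc>\S+))?|clear (?P<clear>all|tcp|udp|vlan))$"
)
LIMIT = {"tcp": 65535, "udp": 65535, "vlan": 4095}

def replay(commands):
    """Replay CLI lines and return what ends up forwarded without inspection."""
    state = {"tcp": set(), "udp": set(), "vlan": set()}  # vlan holds (id, interface)
    for line in commands:
        m = CMD.match(" ".join(line.split()))
        if not m:
            raise ValueError(f"not a layer2 forward command: {line!r}")
        if m["clear"]:
            for kind in (state if m["clear"] == "all" else [m["clear"]]):
                state[kind].clear()
            continue
        kind, lo = m["kind"], int(m["lo"])
        hi = int(m["hi"]) if m["hi"] else lo
        if not lo <= hi <= LIMIT[kind] or (m["ifc"] and kind != "vlan"):
            raise ValueError(f"bad arguments in {line!r}")
        ids = range(lo, hi + 1)  # assumption: ranges are inclusive ("from 5 to 10")
        if kind == "vlan":
            ifc = m["ifc"] or "all"
            if m["op"] == "disable" and ifc == "all":
                # Assumption: disabling on all interfaces drops per-interface entries too
                state["vlan"] = {(v, i) for v, i in state["vlan"] if v not in ids}
                continue
            items = {(v, ifc) for v in ids}
        else:
            items = set(ids)
        state[kind] = state[kind] | items if m["op"] == "enable" else state[kind] - items
    return state

def uninspected(state, watched):
    """Return the watched (protocol, port) pairs that bypass inspection."""
    return sorted((p, n) for p, n in watched if n in state[p])

# Constructed change script and watch list (sample values, not from the release notes)
SCRIPT = [
    "layer2 forward tcp enable 5 10", "layer2 forward udp enable 53",
    "layer2 forward tcp disable 7", "layer2 forward vlan enable 5 interface 3A-3B",
    "layer2 forward vlan enable 20 22", "layer2 forward clear udp",
]
WATCHED = [("tcp", 7), ("tcp", 9), ("udp", 53)]
```

Calling `uninspected(replay(SCRIPT), WATCHED)` on the constructed input returns only TCP port 9, since port 7 was disabled again and the UDP entries were cleared.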