Supported platforms

Getting started Overview Architecture Supported platforms Release notes White papers

Getting started Overview Architecture Supported platforms Release notes White papers

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Supported platforms

Supported platforms On this page:

vRouter

Configuration (vRouter)

Security and VPN

Firewall

Configuration Examples

Packet-filtering

Matching groups

VNF

UfiSpace S9500-30XS

Physical uCPEs

Matching groups

Groups of addresses, ports, and networks can be defined for similar filtering. For example, to create a rule that rejects traffic to a group of addresses and ports and from a group of networks, perform the following steps in configuration mode.

Table 1. Rejecting traffic based on groups of addresses, networks, and ports
Step	Command
Add an address to an address group.	`vyatta@R1# set resources group address-group SERVERS address 1.1.1.7`
Add a network to a address group.	`vyatta@R1# set resources group address-group SERVERS address 10.0.10.0/24`
Add port 22 and ports 1000 through 2000 to the PORTS port group.	`vyatta@R1# set resources group port-group PORTS port 22 vyatta@R1# set resources group port-group PORTS port 1000-2000`
Add a port name to the PORTS port group.	`vyatta@R1# set resources group port-group PORTS port http`
Commit the configuration.	`vyatta@R1# commit`
Show the configuration.	`vyatta@R1# show resources group { address-group SERVERS { address 10.0.10.0/24 address 1.1.1.7 } port-group PORTS { port 22 port 1000-2000 port http } } vyatta@R1#`
Specify a reject action within a firewall instance.	`vyatta@R1# set security firewall name REJECT-GROUPS rule 10 action drop`
Specify the protocol.	`vyatta@R1# set security firewall name REJECT-GROUPS rule 10 protocol tcp`
Specify an address group to match as a destination.	`vyatta@R1# set security firewall name REJECT-GROUPS rule 10 destination address SERVERS`
Specify a port group to match as a destination.	`vyatta@R1# set security firewall name REJECT-GROUPS rule 10 destination port PORTS`
Specify an address group to match as a source.	`vyatta@R1# set security firewall name REJECT-GROUPS rule 10 source address SERVERS`
Commit the configuration.	`vyatta@R1# commit`
Show the configuration.	`vyatta@R1# show security firewall name REJECT-GROUPS name REJECT-GROUPS { rule 10{ action drop destination { address SERVERS port PORTS } protocol tcp source { address SERVERS } } } vyatta@R1#`

Last updated: May 7, 2021

Helpful Links

Key Resources

Get Started An introduction to the Ciena Vyatta NOS

The Vyatta NOS Overview Get to know more about how Vyatta NOS is the best solution

Vyatta NOS Architecture Overview An overview of the Vyatta NOS system architecture

Troubleshooting Guide Identify common issues with your configuration and network setup

Copyright © 2023 Ciena Corporation. All rights reserved