Chapter 9: Security Configuration Guide
SSR User Reference Manual
9 - 7
Layer-2 Filter Examples
Example 1: Address Filters
Source filter: The consultant is not allowed to access any file servers. The consultant
is only allowed to interact with the engineers on the same Ethernet segment – port
et.1.1. All traffic coming from the consultant’s MAC address will be dropped.
filters add address-filter name consultant source-mac
001122:334455 vlan 1 in-port-list et.1.1
Destination filter: No one from the engineering group (port et.1.1) should be allowed
to access the finance server. All traffic destined to the finance server's MAC will be
dropped.
filters add address-filter name finance dest-mac AABBCC:DDEEFF
vlan 1 in-port-list et.1.1
Flow filter: Only the consultant is restricted access to one of the finance file servers.
Note that port et.1.1 should be operating in flow-bridging mode for this filter to work.
filters add address-filter name consult-to-finance source-mac
001122:334455 dest-mac AABBCC:DDEEFF vlan 1 in-port-list et.1.1
Static Entries Example:
Source static entry: The consultant is only allowed to access the engineering file
servers on port et.1.2.
filters add static-entry name consultant source-mac
001122:334455 vlan 1 in-port-list et.1.1 out-port-list et.1.2
restriction allow
et.1.1
et.1.2
et.1.3
SSR
Hub
Engineers,
Consultant
Engineering
File Servers
Finance
File Servers
Summary of Contents for SmartSwitch 8-slot
Page 1: ...SmartSwitch Router User Reference Manual 9032578...
Page 2: ......
Page 6: ...Notice vi...
Page 10: ...About This Manual x SSR User Reference Manual...
Page 36: ...Chapter 1 SmartSwitch Router Product Overview 1 18 SSR User Reference Manual...
Page 60: ...Chapter 4 RIP Configuration Guide 4 6 SSR User Reference Manual...
Page 115: ...Chapter 7 Multicast Routing Configuration Guide SSR User Reference Manual 7 9...
Page 116: ...Chapter 7 Multicast Routing Configuration Guide 7 10 SSR User Reference Manual...
Page 142: ...Chapter 9 Security Configuration Guide 9 18 SSR User Reference Manual...