Traffic/Security Filters
Filter Types and Operation
■
When you create a source port filter, all ports and port trunks (if any)
on the switch appear as destinations on the list for that filter, even if
routing is disabled and separate VLANs and/or subnets exist. Where
traffic would normally be allowed between ports and/or trunks, the
switch automatically forwards traffic to the outbound ports and/or
trunks you do not specifically configure to drop traffic. (Destination
ports that comprise a trunk are listed collectively by the trunk name—
such as
Trk1
— instead of by individual port name.)
■
Packets allowed for forwarding by a source-port filter are subject to
the same operation as inbound packets on a port that is not configured
for source-port filtering.
■
With multiple IP addresses configured on a VLAN, and routing
enabled on the switch, a single port or trunk can be both the source
and destination of packets moving between subnets in that same
VLAN. In this case, you can prevent the traffic of one subnet from
being routed to another subnet of the same port by configuring the
port or trunk as both the source and destination for traffic to drop.
Example
If you wanted to prevent server “A” from receiving traffic sent by workstation
“X”, but do not want to prevent any other servers or end nodes from receiving
traffic from workstation “X”, you would configure a filter to drop traffic from
port 5 to port 7. The resulting filter would drop traffic from port 5 to port 7,
but would forward all other traffic from any source port to any destination
port. (Refer to figures 9-2 and 9-3.
Switch
Server "A"
Port 7
Port 8
Server "B"
Port 9
Server "C"
Port 5
Workstation " X"
Figure 9-2. Example of a Filter Blocking Traffic only from Port 5 to Server "A"
9-5
Содержание J8697A
Страница 1: ...6200yl Access Security Guide 5400zl 3500yl ProCurve Switches K 11 XX www procurve com ...
Страница 2: ......
Страница 22: ...Product Documentation Feature Index xx ...
Страница 55: ...Configuring Username and Password Security Front Panel Security 2 21 ...
Страница 56: ...Configuring Username and Password Security Front Panel Security 2 22 ...
Страница 58: ...Virus Throttling Contents Operating Notes 3 30 Connection Rate Log and Trap Messages 3 31 3 2 ...
Страница 88: ...Virus Throttling Connection Rate Log and Trap Messages This page is intentionally unused 3 32 ...
Страница 118: ...Web and MAC Authentication Client Status This page intentionally unused 4 30 ...
Страница 230: ...Configuring Secure Socket Layer SSL Common Errors in SSL setup This page is intentionally unused 8 22 ...
Страница 356: ...Configuring and Monitoring Port Security Operating Notes for Port Security 11 44 ...
Страница 370: ...Using Authorized IP Managers Operating Notes This page is intentionally unused 12 14 ...
Страница 388: ...10 Index ...
Страница 389: ......