115
CrossFire 8600/8605 Token-Ring Switches v. 1.2, P/N: 710001641
Switch Configuration
Address Filtering
The Address Filtering feature enables you to restrict certain users from
communicating with other users. To do this, you can specify source and destination
MAC-layer Token-Ring addresses to be filtered at the source port. Token-Ring
addresses can be unicast, multicast, or broadcast.
The advantage of address filtering is increased access control and network
segmentation. For example, suppose one port is connected to a server containing
confidential information from the engineering workgroup. You can prevent access
to the server by setting up filters for the addresses of connections from workgroups
other than engineering. This is an example of two “types” of filters, “allowing a
source address” (engineering) or “blocking a source address(es)” (other
workgroups). Examples of different types of filters are allowing, forcing, or
blocking packets from a source address, or allowing, forcing, or blocking packets
to a destination address. For a detailed explanation of filter types, see the
“Configure Filters Screen” section within this chapter.
Observe the following guidelines when setting up address filters:
•
Use the Filters & Port Security menu to create port filters.
•
Filters are port specific and applied to a switch’s incoming traffic only.
•
Up to 250 “filters” can be created for each switch (the filters must be applied
to specific ports at a specified switch). A “filter” is a combination of a MAC
address and the “type” of filter it is. For example, if the MAC address 0000A3
C00021 is configured as source type at a port and also configured as a
destination type, that would count as two different filters (towards the
maximum of 250 filters).
•
You can apply these filters to any combination of ports as long as there is a
maximum of 250 filters (not 250 ports, because more than one port can be part
of a filter). For example:
— Filter “A” (MAC address 0000A3 C00021, source type) can be applied to
ports 1, 5, 7, 14 (or to all the ports)
— Filter “B” (MAC address 0000A3 C00021, destination type) can be
applied to the same ports, or different ports, or once again, to all the ports
— Filter “C” (MAC address 0340B7 A02026, source type) can be applied to
any combination of ports; until a maximum of 250 filters are created.
➽
Note: If you set up a filter for broadcast packets, hosts on the other side of the
switch may not see ARP broadcast packets. To prevent this, let the switch learn the
host addresses before implementing the filter. Most hosts time out their local
address entries and attempt to relearn with a broadcast ARP.
Содержание CrossFire 8600
Страница 1: ...DOC 6951 1 2 CrossFire TM 8600 8605 Guide to Operations Token Ring Switches...
Страница 2: ......
Страница 3: ...CrossFire TM 8600 8605 Token Ring Switches Guide to Operations...
Страница 6: ...iv CrossFire 8600 8605 Token Ring Switches v 1 2 P N 710001641...
Страница 32: ...16 CrossFire 8600 8605 Token Ring Switches v 1 2 P N 710001641 Overview and Specifications...
Страница 58: ...42 CrossFire 8600 8605 Token Ring Switches v 1 2 P N 710001641 Switch Theory of Operation...
Страница 160: ...144 CrossFire 8600 8605 Token Ring Switches v 1 2 P N 710001641 Switch Configuration...
Страница 208: ...192 CrossFire 8600 8605 Token Ring Switches v 1 2 P N 710001641 Monitoring the Network with SNMP...
Страница 216: ...200 CrossFire 8600 8605 Token Ring Switches v 1 2 P N 710001641 Troubleshooting...
Страница 222: ...206 CrossFire 8600 8605 Token Ring Switches v 1 2 P N 710001641 Getting in Touch with Technical Support...
Страница 226: ...210 CrossFire 8600 8605 Token Ring Switches v 1 2 P N 710001641 Abbreviations...
Страница 236: ...220 CrossFire 8600 8605 Token Ring Switches v 1 2 P N 710001641 Cable and Pin Information...
Страница 249: ......