Layer-2 filter examples, Example 1: address filters, Static entries example – Cabletron Systems SmartSwitch User Manual

SmartSwitch Router User Reference Manual

Chapter 18: Security Configuration Guide

Layer-2 Filter Examples

Figure 23. Source Filter Example
(Diagram labels: SSR with ports et.1.1, et.1.2 and et.1.3; Hub; Engineers, Consultant; Engineering File Servers; Finance File Servers.)

Example 1: Address Filters

Source filter: The consultant is not allowed to access any file servers. The consultant is only allowed to interact with the engineers on the same Ethernet segment (port et.1.1). All traffic coming from the consultant’s MAC address will be dropped.

    filters add address-filter name consultant source-mac 001122:334455 vlan 1 in-port-list et.1.1

Destination filter: No one from the engineering group (port et.1.1) should be allowed to access the finance server. All traffic destined to the finance server's MAC will be dropped.

    filters add address-filter name finance dest-mac AABBCC:DDEEFF vlan 1 in-port-list et.1.1

Flow filter: Only the consultant is restricted from accessing one of the finance file servers. Note that port et.1.1 should be operating in flow-bridging mode for this filter to work.

    filters add address-filter name consult-to-finance source-mac 001122:334455 dest-mac AABBCC:DDEEFF vlan 1 in-port-list et.1.1

Static Entries Example

Source static entry: The consultant is only allowed to access the engineering file servers on port et.1.2.

    filters add static-entry name consultant source-mac 001122:334455 vlan 1 in-port-list et.1.1 out-port-list et.1.2 restriction allow
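
The following is an added illustration, not code from the manual or from the SSR: a simplified Python model that parses the four commands on this page and reports what each rule, evaluated on its own, does with a few sample frames. The engineer and engineering-server MAC addresses are constructed, the finance servers are assumed to sit on et.1.3 as the figure labels suggest, and the static-entry behaviour (matching frames may leave only through the out-port-list) is an assumption drawn from the description.

```python
# The four commands from this page, one per line.
CONFIG = """\
filters add address-filter name consultant source-mac 001122:334455 vlan 1 in-port-list et.1.1
filters add address-filter name finance dest-mac AABBCC:DDEEFF vlan 1 in-port-list et.1.1
filters add address-filter name consult-to-finance source-mac 001122:334455 dest-mac AABBCC:DDEEFF vlan 1 in-port-list et.1.1
filters add static-entry name consultant source-mac 001122:334455 vlan 1 in-port-list et.1.1 out-port-list et.1.2 restriction allow
"""

def mac(text):
    return text.replace(":", "").upper()  # notation-independent comparison

def parse(line):
    """Turn 'filters add <type> <key> <value> ...' into a dict of options."""
    words = line.split()
    if words[:2] != ["filters", "add"] or len(words) < 5 or len(words) % 2 == 0:
        raise ValueError(f"unexpected command: {line!r}")
    return {"type": words[2], **dict(zip(words[3::2], words[4::2]))}

def verdict(rule, frame):
    """Simplified model: what one rule alone does with one frame."""
    if frame["in_port"] != rule["in-port-list"] or frame["vlan"] != int(rule["vlan"]):
        return "forward"                      # rule is not bound to this port/VLAN
    for key, field in (("source-mac", "src"), ("dest-mac", "dst")):
        if key in rule and mac(rule[key]) != mac(frame[field]):
            return "forward"                  # address does not match the rule
    if rule["type"] == "address-filter":
        return "drop"
    if rule["type"] == "static-entry" and rule.get("restriction") == "allow":
        # assumed semantics: matching frames may leave only through out-port-list
        return "forward" if frame["out_port"] == rule["out-port-list"] else "drop"
    raise ValueError(f"rule type not modelled: {rule['type']}")

# Constructed frames: made-up engineer/server MACs; finance on et.1.3 per the figure labels.
CONSULTANT, ENGINEER = "00:11:22:33:44:55", "02:00:00:00:00:01"
FINANCE, ENG_SERVER = "AA:BB:CC:DD:EE:FF", "02:00:00:00:00:02"
FRAMES = {
    "consultant->finance": dict(src=CONSULTANT, dst=FINANCE, vlan=1, in_port="et.1.1", out_port="et.1.3"),
    "engineer->finance": dict(src=ENGINEER, dst=FINANCE, vlan=1, in_port="et.1.1", out_port="et.1.3"),
    "consultant->eng-server": dict(src=CONSULTANT, dst=ENG_SERVER, vlan=1, in_port="et.1.1", out_port="et.1.2"),
}

def matrix():
    """Verdict of each rule, evaluated alone, for each sample frame."""
    rules = [parse(line) for line in CONFIG.splitlines()]
    return {f"{r['type']}:{r['name']}": {n: verdict(r, f) for n, f in FRAMES.items()} for r in rules}

if __name__ == "__main__":
    for rule, row in matrix().items():
        print(f"{rule:36} {row}")
```

In this model the source filter also cuts the consultant off from the engineering servers, while the flow filter and the static entry leave that path open.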