Configuring layer-2 filters, Monitoring bridging – Cabletron Systems SmartSwitch User Manual

Chapter 3: Bridging Configuration Guide

66

SmartSwitch Router User Reference Manual

Configuring Layer-2 Filters

Layer-2 security filters on the SSR allow you to configure ports to filter specific MAC
addresses. When defining a Layer-2 security filter, you specify to which ports you want
the filter to apply. Refer to the “Security Configuration Chapter” for details on configuring
Layer-2 filters. You can specify the following security filters:

•

Address filters

These filters block traffic based on the frame's source MAC address, destination MAC
address, or both source and destination MAC addresses in flow bridging mode.
Address filters are always configured and applied to the input port.

•

Port-to-address lock filters

These filters prohibit a user connected to a locked port or set of ports from using
another port.

•

Static entry filters

These filters allow or force traffic to go to a set of destination ports based on a frame's
source MAC address, destination MAC address, or both source and destination MAC
addresses in flow bridging mode. Static entries are always configured and applied at
the input port.

•

Secure port filters

A secure filter shuts down access to the SSR based on MAC addresses. All packets
received by a port are dropped. When combined with static entries, however, these
filters can be used to drop all received traffic but allow some frames to go through.

Monitoring Bridging

The SSR provides display of bridging statistics and configurations contained in the SSR.

To display bridging information, enter the following commands in Enable mode.

Show IP routing table.

ip show routes

Show all MAC addresses currently
in the l2 tables.

l2-tables show all-macs

Show l2 table information on a
specific port.

l2-tables show port-macs

Show information the master MAC
table.

l2-tables show mac-table-stats

Show information on a specific
MAC address.

l2-tables show mac