Enterasys Networks Fast Network 10 User Manual
Using Filters for Security Purposes
Fast Network 10 User Guide
Example 2: Blocking Access to Specific Stations
In this example, a company uses an FN10 to connect two LANs (see
Figure 5-2). Three workstations on LAN 2 (the Accounting Subnet),
workstations F, G, and H, contain sensitive data. The company wants to
prevent users on LAN 1 (the Manufacturing Subnet) from accessing data
on these three workstations.
Figure 5-2. Using Filters to Restrict Access to Specific Stations
In this example, a Port filter is configured that instructs the FN10 to
discard data packets whose destination address is F, G, or H (the
addresses of the workstations containing sensitive data). Therefore, the
FN10 will not pass any packets from LAN 1 to LAN 2 if the packet’s
destination address is F, G, or H.
This filtering example specifies three separate components:
• Traffic from LAN 1
• Traffic destined for addresses F, G, and H on LAN 2
• Match flags for both components
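The filter decision described above, modeled as an added example (not code from the manual and not FN10 configuration syntax). It assumes the station addresses are MAC addresses, that LAN 1 and LAN 2 are ports 1 and 2, and that a match flag means "this component must match"; the class, function names, and addresses are hypothetical.

```python
from dataclasses import dataclass

# Constructed placeholder MAC addresses for stations named in the example.
STATION = {
    "A": "00:00:5e:00:53:0a",
    "E": "00:00:5e:00:53:0e",
    "F": "00:00:5e:00:53:0f",
    "G": "00:00:5e:00:53:10",
    "H": "00:00:5e:00:53:11",
}
BROADCAST = "ff:ff:ff:ff:ff:ff"
LAN1_PORT, LAN2_PORT = 1, 2  # assumed port numbering


@dataclass(frozen=True)
class PortFilter:
    """Hypothetical model: two components, each with its own match flag."""
    ingress_port: int          # component 1: port the frame arrived on
    dest_addrs: frozenset      # component 2: destination addresses to block
    match_port: bool = True    # match flag for component 1
    match_dest: bool = True    # match flag for component 2

    def discards(self, port: int, dst: str) -> bool:
        # A component whose match flag is off is ignored (always satisfied).
        port_ok = (not self.match_port) or port == self.ingress_port
        dest_ok = (not self.match_dest) or dst.lower() in self.dest_addrs
        return port_ok and dest_ok


def forward(filters, port, dst):
    """Return 'discard' if any filter matches the frame, else 'forward'."""
    return "discard" if any(f.discards(port, dst) for f in filters) else "forward"


# Example 2: frames arriving from LAN 1 whose destination is F, G, or H.
EXAMPLE_2 = [PortFilter(LAN1_PORT, frozenset(STATION[s] for s in "FGH"))]


def audit(filters):
    """Evaluate constructed frames and return the decision for each."""
    frames = [
        ("LAN1 -> F", LAN1_PORT, STATION["F"]),
        ("LAN1 -> H", LAN1_PORT, STATION["H"]),
        ("LAN1 -> E", LAN1_PORT, STATION["E"]),     # unprotected station
        ("F -> A", LAN2_PORT, STATION["A"]),        # reverse direction
        ("LAN1 broadcast", LAN1_PORT, BROADCAST),   # not addressed to F/G/H
    ]
    return {name: forward(filters, port, dst) for name, port, dst in frames}


if __name__ == "__main__":
    for name, decision in audit(EXAMPLE_2).items():
        print(f"{name:15} {decision}")
```

In this model the filter acts in one direction and only on the listed destination addresses, so frames sent by F, G, or H toward LAN 1 and broadcasts from LAN 1 are still forwarded.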
[Figure 5-2 diagram: the FN10 joins LAN 1 (Manufacturing Subnet) and LAN 2 (Accounting Subnet), each behind a concentrator, with stations A through H. Stations F, G, and H are labeled "Computers that cannot be accessed by LAN 1 users."]