Table of Contents
Advertisement
7-8
C
7: U
HAPTER
SER
Using Address
Groups and Port
Groups in a
Packet Filter
What Is an Address
Group?
-
P
F
DEFINED
ACKET
ILTERING
The section "About User-defined Packet Filtering" described how you can
use packet filters to restrict the flow of packets based solely on the contents
of the packet. The LANplex system also allows you to set up groups of
addresses or ports and then combine these group definitions with the
packet filter definitions to control which stations can communicate with
each other. For instance, you can define a group of:
Stations that can communicate only with other stations in that group
Stations that have access only to a specific network resource
Stations that have access only to a group of network segments
Network segments whose attached stations can communicate only with
each other
An address group is a list of MAC addresses. You can configure up to 32
address groups per LANplex 2500 system. You can associate the same
address group with multiple systems.
When an address is added to a group, the address is inserted into the
address table on each system that is associated with that group. Each
address table entry has a 32-bit group mask associated with it. Each bit in
the mask specifies one of the 32 groups. For example, bit 1 could specify
group 1, and bit 2 could specify group 2. When an address is added to a
group, the corresponding bit in the mask is set. See Figure 7-6.
Advertisement
Table of Contents
