Defining Mac Address Filters - HP 9304m Installation And Getting Started Manual

Installation and Getting Started Guide
NOTE: Tagging does not apply to the default VLAN.
For details on configuring port-based VLANs, refer to "Configuring Virtual LANs (VLANs)" in the Advanced
Configuration and Management Guide .
USING THE CLI
When using the CLI, ports are defined as either tagged or untagged at the VLAN level.
EXAMPLE:
Suppose you want to make port 5 on module 1 a member of port-based VLAN 4, a tagged port. To do so, enter
the following:
HP9300(config)# vlan 4
HP9300(config-vlan-4)# tagged e 1/5
Syntax: tagged ethernet <portnum> [to <portnum> [ethernet <portnum>]]
USING THE WEB MANAGEMENT INTERFACE
To apply 802.1q tagging to a port:
1. Log on to the device using a valid user name and password for read-write access. The System configuration
panel is displayed.
2. Click on the plus sign next to Configure in the tree view to display the configuration options.
3. Select the Port link to display the Port table.
4. Click on the Modify button next to the row of information for the port you want to reconfigure.
5. Select Enable next to IEEE Tagging.
NOTE: This option appears only if you are modifying a port that is a member of a port-based VLAN other
than the default VLAN. Tagging does not apply to ports that are not in a port-based VLAN and does not apply
to the default VLAN.
6. Click Apply to save the changes to the device's running-config file.
7. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device's flash memory.

Defining MAC Address Filters

MAC layer filtering enables you to build access lists based on MAC layer headers in the Ethernet/IEEE 802.3
frame. You can filter on the source and destination MAC addresses as well as other information such as the
EtherType, LLC1 DSAP or SSAP numbers, and a SNAP EtherType. The filters apply to incoming traffic only.
NOTE: MAC filters do not block management access to the HP device. For example, if you apply a filter to block
a specific host, the filter blocks switch traffic from the host but does not prevent the host from establishing a
management connection to the device through Telnet. To block management access, use an Access Control List
(ACL). See the "IP Access Control Lists (ACLs)" chapter of the Advanced Configuration and Management Guide .
NOTE: You cannot use Layer 2 filters to filter Layer 4 information. To filter Layer 4 information, use IP access
policies. See the "Policies and Filters" appendix in the Advanced Configuration and Management Guide .
You configure MAC filters globally, then apply them to individual interfaces. To apply MAC filters to an interface,
you add the filters to that interface's MAC filter group.
The device takes the action associated with the first matching filter. If the packet does not match any of the filters
in the access list, the default action is to drop the packet. If you want the system to permit traffic by default, you
must specifically indicate this by making the last entry in the access list a permit filter. Here is an example:
mac filter <last-index-number> permit any any
4 - 32