HP ProCurve 6400cl Series Access Security Manual page 261

Network Design
1. Accounting Workstations may only send traffic to the Accounting Server.
2. No Internet traffic may be sent to the Accounting Server or Workstations.
3 All other switch ports may on y send traffic to Port 1.
Accounting Workstation 1
Accounting Workstation 2
Figure 9-4. Network Configuration for Named Source-Port Filters Example
Defining and Configuring Example Named Source-Port Filters. While
named source-port filters may be defined and configured in two steps, this is
not necessary. Here we define and configure each of the named source-port
filters for our example network in a single step.
ProCurve(config)# filter source-port named-filter web-only drop 2-26
ProCurve(config)# filter source-port named-filter accounting drop 1-6,8,9,12-26
ProCurve(config)# filter source-port named-filter no-incoming-web drop 7,10,11
ProCurve(config)# show filter source-port
Traffic/Security Filters
Filter Name | Port List
-------------------- + -------------------- + --------------------------
web-only | NOT USED
accounting | NOT USED
no-incoming-web | NOT USED
ProCurve Switch 2626(config)#
Applying Example Named Source-Port Filters.
Once the named source-port filters have been defined and configured we now
apply them to the switch ports.
l
Port 10
Port 11
| Action
| drop 2-26
| drop 1-6,8-9,12-26
| drop 7,10-11
Traffic/Security Filters
Filter Types and Operation
Router to the
Port 1
Internet
Port 7
Accounting Server 1
Ports and port trunks using the
filter. When NOT USED
di splayed the named source-port
filter may be deleted.
Lists the ports and port trunks
dropped by the filter. Ports and
port trunks not shown are
forwarded by the filter.
To remove a port or port trunk
from the list, update the named
source-port fi ter definition l
using the forward option.
is
9-9