Layer-2 Filter Examples; Example 1: Address Filters; Static Entries Example - Cabletron Systems SmartSwitch Router User's Reference Manual

Layer-2 Filter Examples

Example 1: Address Filters

Source filter: The consultant is not allowed to access any file servers. The consultant is
only allowed to interact with the engineers on the same Ethernet segment – port et.1.1.
All traffic coming from the consultant's MAC address will be dropped.
filters add address-filter name consultant source-mac 001122:334455
vlan 1 in-port-list et.1.1
Destination filter: No one from the engineering group (port et.1.1) should be allowed to
access the finance server. All traffic destined to the finance server's MAC will be dropped.
filters add address-filter name finance dest-mac AABBCC:DDEEFF vlan 1
in-port-list et.1.1
Flow filter: Only the consultant is restricted access to one of the finance file servers. Note
that port et.1.1 should be operating in flow-bridging mode for this filter to work.
filters add address-filter name consult-to-finance source-mac
001122:334455 dest-mac AABBCC:DDEEFF vlan 1 in-port-list et.1.1

Static Entries Example

Source static entry: The consultant is only allowed to access the engineering file servers
on port et.1.2.
filters add static-entry name consultant source-mac 001122:334455 vlan 1
in-port-list et.1.1 out-port-list et.1.2 restriction allow
SmartSwitch Router User Reference Manual
SSR
et.1.1 et.1.2
Hub
Engineering
File Servers
Engineers,
Consultant
Figure 23. Source Filter Example
Chapter 18: Security Configuration Guide
et.1.3
Finance
File Servers
279