Bridging And Routing Protocol Filtering - Cabletron Systems CSX200 CyberSWITCH Installation Manual

CSX200 Firmware Support
The CSX200 uses the Spanning Tree Algorithm to prevent data loops and duplicate data. This is a
self-learning bridge, i.e., the bridge builds and updates an address table with each MAC source
address and associated information when the packets are received.
IP routing support provides the ability to process TCP/IP frames at the network
IP Routing —
layer for routing. IP routing support includes the Routing Information Protocol (RIP) that allows
the exchange of routing information on a TCP/IP network. The CSX200 receives and rebroadcasts
RIP messages to and from adjacent routers and workstations.
IPX Routing — Internet Packet Exchange (IPX) routing support provides the ability to process
Novell proprietary frames at the network layer for routing. IPX routing support includes both
Routing Information Protocol (RIP), and Service Advertising Protocol (SAP). These protocols
allow the exchange of routing information on a Novell NetWare network. The SAP protocol
provides a means for routers and workstations to advertise their class of services (file, print, etc.) to
adjacent routers and workstations.

Bridging and Routing Protocol Filtering

Filtering is used to allow efficient usage of network resources and provide security for your
network and hosts.
IP Internet Firewall — The CSX200 supports IP Internet Firewall filtering to prevent
unauthorized access to your system and network resources from the Internet or a corporate
Intranet. Security can be configured to permit or deny IP traffic. The security is established by
configuring IP access filters, which are based on source IP address, source mask, destination IP
address, destination mask, protocol type, and application port identifiers for both Transmission
Control Protocol (TCP) and User Datagram Protocol (UDP).
IP access filters allow individual IP source and destination pair filtering as well as IP address
ranges and wild carding to match any IP address. Firewall filters can be defined to allow inbound
only, outbound only, or bi-directional IP communication up to the UDP and TCP application port
level. The CSX200 supports the IP Access Control (from the ctip-mib) Internet Firewall Filter.
Bridge filtering lets a network administrator control the flow of packets
Bridge Filtering —
across the CSX200. Bridge filtering is used to "deny" or "allow" packets based on a "matched
pattern" using a specified position and hexadecimal content within the packet. This enables
restricting or forwarding of messages based on address, protocol, or data content. Common uses
include preventing access to remote networks, controlling unauthorized access to the local
network, and limiting unnecessary traffic.
CSX200 Installation Guide 2-11