Foundry Networks Switch and Router Installation And Configuration Manual page 910

Foundry Switch and Router Installation and Configuration Guide
4. Click on the Zone Filter link.
• If the device does not have any AppleTalk zone filters, the AppleTalk Zone Filter configuration panel is
displayed, as shown in the following example.
• If an AppleTalk zone filter is already configured and you are adding a new one, click on the Configure
AppleTalk Zone Filter link to display the AppleTalk Zone Filter configuration panel, as shown in the
following example.
• If you are modifying an existing AppleTalk zone filter, click on the Modify button to the right of the row
describing the filter to display the AppleTalk Zone Filter configuration panel, as shown in the following
example.
5. Select the interface for which a zone filter is to be defined, from the port or slot/port pull down menu(s). In this
example, you are defining a zone filter for interfaces 1, 3, 13, and 15, all of which have membership in either
or both of the Marketing and Field Service zones.
6. Enter the name of the zone to which you are permitting or denying access. In this case, enter Finance.
7. Select either Deny or Permit. In this example, select Deny for interfaces 1, 3, 13, and 15.
8. Enable RTMP filtering to filter on a network basis. When RTMP filtering is enabled on an interface, the denied
network numbers are removed from the RTMP packet before it is transmitted out of the interface.
9. Click the Apply button to apply the changes to the device's running-config file.
10. Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change
to the startup-config file on the device's flash memory.
Define Additional Zone Filters
When defining AppleTalk zone filters, you must define both deny and permit relationships for an interface. For
instance, in the previous example, a deny filter prevents users within Marketing and Field Service zones from
accessing the Finance zone.
Because all additional zones not specifically addressed by a deny filter are permitted by default, you do not need
to configure any specific permit definitions, and the requirement of defining both deny and permit relationships is
satisfied.
However, the additional zone filter is useful in denying access to those zones not specifically addressed in permit
zone filters. Consider the following example.
EXAMPLE:
Suppose Sales, Human Resources (HR), Engineering, and Training zones will be added to the network in the next
month. You know in advance that the only other zone that will be allowed access to the Finance zone is the HR
zone.
You can configure permit zone filters for ports 10 and 14 that allow the HR zone to have access to the finance
zone and deny access to all others with a deny additional zone filter. This approach addresses the current
network and all future zone additions with no additional configuration.
24 - 12 December 2000