Perle Systems P840 manual MAC Address Filtering, Security

Page 41

5 Programmable Filtering

Programmable filtering gives the network manager the ability to control under what conditions Ethernet frames are forwarded across bridge or bridge/router ports. There are many reasons why this might need to be accomplished, some of which are security, protocol discrimination, bandwidth conservation, and general restrictions.

To reach a specific filtering goal, there is usually more than one possible filter expression that may be used. This of course is dependent on the specific filtering requirement, and how flexible the filter should be.

The following pages describe how programmable filters may be used in typical applications. Although this is only a small sampling of the many possibilities, a cross-section of filter uses is presented.

MAC Address Filtering

Security

The need for security has become increasingly important in Local Area Networking, and with the use of programmable filters, security may be easily and effectively implemented across segment boundaries. By defining a programmable filter, the network manager may control what traffic is allowed between LAN segments, thereby controlling the security of resources by preventing unauthorized user access.

The P840 router provides three built-in functions – in addition to defined programmable masks – to control the access to resources. The first function is “Filter if Source”; the second is “Filter if Destination”. The third function allows you to change the filter operation from “positive” to “negative”. Positive filter operation causes the specified MAC addresses to be filtered according to the entered method. Negative filter operation causes the specified MAC addresses to be forwarded according to the entered method.

You may easily prevent any station on one segment from accessing a specific resource on the other segment; for this, “positive” filtering and the use of “Filter if Destination” would be appropriate. If you want to disallow a specific station from accessing any service, “Filter if Source” could be used.

You may easily prevent stations on one segment from accessing all but a specific resource on the other segment; for this, “negative” filtering and the use of “Forward if Destination” would be appropriate. If you want to disallow all but a specific station from accessing any service on the other segment, “Forward if Source” could be used.
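The four behaviours described above can be modelled as a single decision over the destination and source octets of each frame. The following is an added illustration, not code or configuration from the Perle manual; the function names, the addresses and the treatment of broadcast frames are assumptions of this model.

```python
from __future__ import annotations

# Added illustration: a model of the filter decision, not P840 firmware or CLI.
BROADCAST = "ff-ff-ff-ff-ff-ff"
# Constructed sample addresses (locally administered, not from the manual).
SERVER, STATION_A, STATION_B = "02-00-00-00-00-01", "02-00-00-00-00-0a", "02-00-00-00-00-0b"

def make_frame(dst: str, src: str, ethertype: int = 0x0800) -> bytes:
    """Build a constructed Ethernet header (dst, src, type) plus dummy payload."""
    to_bytes = lambda mac: bytes.fromhex(mac.replace("-", ""))
    return to_bytes(dst) + to_bytes(src) + ethertype.to_bytes(2, "big") + b"\x00" * 46

def parse_macs(frame: bytes) -> tuple[str, str]:
    """Return (destination, source): octets 0-5 and 6-11 of the frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[0:6].hex("-"), frame[6:12].hex("-")

def forwards(frame: bytes, table: set[str], match_on: str, operation: str) -> bool:
    """True if the frame crosses the port.

    positive: addresses in `table` are filtered, everything else is forwarded.
    negative: addresses in `table` are forwarded, everything else is filtered.
    """
    if match_on not in ("source", "destination"):
        raise ValueError("match_on must be 'source' or 'destination'")
    if operation not in ("positive", "negative"):
        raise ValueError("operation must be 'positive' or 'negative'")
    dst, src = parse_macs(frame)
    listed = (src if match_on == "source" else dst) in {m.lower() for m in table}
    return listed if operation == "negative" else not listed

def demo() -> dict[str, bool]:
    a_to_server = make_frame(SERVER, STATION_A)
    b_to_server = make_frame(SERVER, STATION_B)
    a_arp = make_frame(BROADCAST, STATION_A, 0x0806)
    return {
        # Filter if Destination: nobody reaches the listed server.
        "filter_dst": forwards(a_to_server, {SERVER}, "destination", "positive"),
        # Filter if Source: listed station A is blocked, station B is not.
        "filter_src_a": forwards(a_to_server, {STATION_A}, "source", "positive"),
        "filter_src_b": forwards(b_to_server, {STATION_A}, "source", "positive"),
        # Forward if Destination: only the listed server is reachable.
        "forward_dst": forwards(a_to_server, {SERVER}, "destination", "negative"),
        # Forward if Source: only listed station A gets across.
        "forward_src_b": forwards(b_to_server, {STATION_A}, "source", "negative"),
        # Model only: a broadcast is dropped unless its address is listed.
        "forward_dst_bcast": forwards(a_arp, {SERVER}, "destination", "negative"),
    }
```

Source-based rules match the address carried in octets 6-11 of the frame itself, so they act as a segmentation control rather than as station authentication. How the P840 handles broadcast frames under negative filtering is not covered on this page and should be checked on the device before relying on a "Forward if Destination" list.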

Example cases are found on the following pages.

TCP/IP, XNS, and Novell Netware frame formats, as well as some common Ethernet type codes, are found near the back cover.


P840 specifications

Perle Systems is renowned for its high-performance networking hardware, and the Perle P840 model exemplifies this reputation with its advanced features and technologies. Designed for small to medium-sized enterprises, the P840 serves as a versatile and reliable solution for connectivity needs.

One of the main features of the Perle P840 is its robust network performance, supporting both Ethernet and serial connectivity. With support for RS-232, RS-422, and RS-485 interfaces, the P840 enables seamless integration of legacy devices into modern network architectures, allowing businesses to leverage existing infrastructure without the need for extensive upgrades.

The P840 also boasts advanced security features to protect sensitive data during transmission. It supports SSL encryption and VPN capabilities, ensuring that data travels securely across the network. Additionally, it implements strong authentication protocols, providing organizations with peace of mind knowing that their communications are safeguarded against potential threats.

Another standout characteristic of the P840 is its flexibility in configuration. It offers multiple port configurations, allowing for customization based on specific user needs. With options for both managed and unmanaged modes, the device can easily adapt to various network environments. This flexibility makes it suitable for diverse applications, including industrial automation, process control, and telecommunications.

The Perle P840 is designed for durability and reliability, featuring a rugged enclosure that can withstand demanding environments. Its solid-state components reduce the risk of failure, contributing to increased uptime and lower maintenance costs. Furthermore, the compact design allows for easy installation in tight spaces, making it a practical choice for various deployment scenarios.

In terms of management and monitoring, the P840 includes an intuitive web-based interface, enabling administrators to configure settings and monitor network performance effortlessly. SNMP support further enhances management capabilities, allowing for integration into larger network management systems.

Overall, the Perle P840 stands out as a powerful solution for enterprises seeking seamless connectivity, robust security, and flexibility in configuration. Its combination of advanced features and durable design makes it an ideal choice for industries requiring reliable serial and network connectivity in challenging environments. With the P840, businesses can build a resilient networking infrastructure that supports their growing demands while safeguarding their critical data.