Perle Systems P840 manual Security-Filter if Source

Page 43

Filtering

Security—“Filter if Source”

Filter if Source is a function that allows you to filter an Ethernet frame if the source address of the frame equals the address that the Filter if Source function has been applied to.

Example:

Assume that a Personal Computer is located on segment 1 on the local bridge/router. This station is a community station that various departments may use for general processing. However, this station may only access those services that exist on its local segment, and it must be restricted from accessing any services on remote LANs. This can be easily accomplished with a “Filter if Source.”

The Ethernet Address for this Personal Computer is: 01-02-03-04-05-06

Again, this address uniquely identifies this computer station.

To configure the bridge/router to ensure that this station is unable to access facilities on a remote LAN segment, follow the instructions below:

1From the MAIN MENU of the console of the local bridge/router, enter a 1.

(Enter an “=“ from any menu to go back to the MAIN MENU.)

This will place you at the CONFIGURATION MENU, where access to the filtering menu is obtained.

2From the CONFIGURATION MENU, enter an 8.

This will place you at the FILTER SET-UP MENU, where access to the individual filtering menus is obtained.

3From the FILTER SET-UP MENU, enter a 1.

This will place you at the MAC ADDRESS FILTERS MENU, where access to the MAC Address filters is obtained.

4From the MAC ADDRESS FILTERS MENU, make sure that the Filter Operation is currently set to “positive”.

This will cause the MAC Address Filters specified to be used for filtering frames with the specified MAC addresses.

5From the MAC ADDRESS FILTERS MENU, enter a 1.

This will place you at the first EDIT MAC ADDRESS FILTER MENU screen. At the prompt enter the MAC address for which you want to specify the filter.

6Enter the 12-digit Ethernet address of the Personal Computer system in the following format: 010203040506 (enter a Return)

The edit screen will fill in the information that the table knows about this address. For this example, let us assume that it knows that the address status is [not present] and is of [unknown] location.

In this example, the bridge/router is not aware of this station as of yet. The station has probably not been active for the bridge/router to “learn” any information about it.

Therefore, you will have to tell the bridge/router a little bit more about the station.

7 Enter a 2 to enter the location of the station.

43

Page 42 Page 44
Image 43
Page 42 Page 44
Contents Perle P840 P840 Router IntroductionIP Routing and the P840 Router ARP-Address Resolution ProtocolProxy ARP Complete IP Connection IP Header Details Quench Icmp MessagesUnreachable RedirectTime and Mask server Update MechanismRIP-Routing Information Protocol PingInitial Bridging Process Bridging and the P840 RouterStation Address Learning Aging Timer Address Purging Filled Address TableAging Exception Telnet P840 Router Feature DefinitionsLink Compression Typical Compression Ratios by File Type Multipoint WAN TopologiesBandwidth On Demand MultilinkTime of Day Connect Application Operating Software UpgradesWide Area Network Topologies Supported P840 Isdn Connection ManagementCall Establishment Methods Auto-Call Time-of-Day Connections Isdn Connection ManagementManual Call Address ConnectCombination Connection ProcessInteresting Traffic Idle TimerProtocol Awareness Suspension ProcessSuspended Server P840 Session Participation SpoofingSuspension of TCP/IP Sessions IP SpecificsTermination Process IP Address ConnectPinout Information Console ConnectorEvent logs Event LogsEvent Logs Event Logs Event Logs Event Logs Event Logs Alarm logs Event Logs Event Logs Event Logs Code Description Code Event Logs Event Logs Event Logs Event Logs Event Logs PPP Security logs Security MAC Address FilteringSecurity-Filter if Destination FilteringSecurity-Filter if Source Security-Forward if Destination Security-Forward if Source FilteringFiltering Bridge Pattern Filtering Pattern Filter OperatorsProtocol Discrimination IP, and no more Protocol Type FieldInternet Protocol IP Filter all IP PacketsFiltering Filter all except TCP/IP Transport Control Protocol / Internet Protocol TCP/IPFilter only TCP/IP Filter all IP without TCP trafficEthernet Multicasting Bandwidth ConservationFilter all DEC Ethernet BroadcastingInternet Addresses General RestrictionsEthernet Station Addresses Mask would be 6-010203040506&12-0800&23-06 Example Mask CombinationsIP Router Pattern Filtering Frame Formats Ethernet Type Codes Octet Locations on an IP Routed TCP/IP Frame Octet Locations on a Bridged XNS Frame

P840 specifications

Perle Systems is renowned for its high-performance networking hardware, and the Perle P840 model exemplifies this reputation with its advanced features and technologies. Designed for small to medium-sized enterprises, the P840 serves as a versatile and reliable solution for connectivity needs.

One of the main features of the Perle P840 is its robust network performance, supporting both Ethernet and serial connectivity. With support for RS-232, RS-422, and RS-485 interfaces, the P840 enables seamless integration of legacy devices into modern network architectures, allowing businesses to leverage existing infrastructure without the need for extensive upgrades.

The P840 also boasts advanced security features to protect sensitive data during transmission. It supports SSL encryption and VPN capabilities, ensuring that data travels securely across the network. Additionally, it implements strong authentication protocols, providing organizations with peace of mind knowing that their communications are safeguarded against potential threats.

Another standout characteristic of the P840 is its flexibility in configuration. It offers multiple port configurations, allowing for customization based on specific user needs. With options for both managed and unmanaged modes, the device can easily adapt to various network environments. This flexibility makes it suitable for diverse applications, including industrial automation, process control, and telecommunications.

The Perle P840 is designed for durability and reliability, featuring a rugged enclosure that can withstand demanding environments. Its solid-state components reduce the risk of failure, contributing to increased uptime and lower maintenance costs. Furthermore, the compact design allows for easy installation in tight spaces, making it a practical choice for various deployment scenarios.

In terms of management and monitoring, the P840 includes an intuitive web-based interface, enabling administrators to configure settings and monitor network performance effortlessly. SNMP support further enhances management capabilities, allowing for integration into larger network management systems.

Overall, the Perle P840 stands out as a powerful solution for enterprises seeking seamless connectivity, robust security, and flexibility in configuration. Its combination of advanced features and durable design makes it an ideal choice for industries requiring reliable serial and network connectivity in challenging environments. With the P840, businesses can build a resilient networking infrastructure that supports their growing demands while safeguarding their critical data.
Top Page Image Contents