Perle Systems P840 manual Security-Forward if Destination

Page 44

Filtering

8The bridge/router will prompt you for the LAN that the station is located on; enter the name of the partner bridge/router LAN (LAN345678, for example).

Note that the Status of the address is marked as [present], the location is updated to LAN345678 and the Permanent entry is [enabled].

9Enter a 3 to [enable] the “Filter if Source ” parameter. The edit screen will be updated to show the new information.

At this point, the address is added to the permanent filter table of the local LAN. This entry, therefore, will not be subject to the aging timer, and will remain active until it is removed from the permanent entry table.

When a frame of information is seen on the local LAN that contains the address of the Personal Computer in the source field of the frame, the bridge/router will not forward it, effectively preventing any access from the PC to remote LANs.

Most programmable filtering options may be used for security purposes. The examples above are specific instances where the two “Filter if” functions may be used.

Security—“Forward if Destination”

Forward if Destination is a function that allows you to forward an Ethernet frame based on the destination of its address and filter all other frames. If the destination address equals the address that the Forward if Destination function has been applied to, the frame is forwarded.

Example:

Assume that a host Computer is located on LAN segment 2 located on a partner bridge/router with an Ethernet address of:

00-00-01-02-03-04 (host Ethernet address)

Since each station on a LAN has a unique Ethernet address, this address uniquely identifies this host computer.

To prevent LAN users located on segment 1, located on the local bridge/router, from accessing any only this host system and no other systems, follow the instructions below:

1From the MAIN MENU of the console of the local bridge/router, enter a 1. (Enter an “=“ from any menu to go back to the MAIN MENU.)

This will place you at the CONFIGURATION MENU, where access to the filtering menu is obtained.

2From the CONFIGURATION MENU, enter an 8.

This will place you at the FILTER SET-UP MENU, where access to the individual filtering menus is obtained.

3From the FILTER SET-UP MENU, enter a 1.

This will place you at the MAC ADDRESS FILTERS MENU, where access to the MAC Address filters is obtained.

4From the MAC ADDRESS FILTERS MENU, make sure that the Filter Operation is currently set to “negative”.

This will cause the MAC Address Filters specified to be used for forwarding frames with the specified MAC addresses.

44

Page 43 Page 45
Image 44
Page 43 Page 45
Contents Perle P840 Introduction P840 RouterProxy ARP ARP-Address Resolution ProtocolIP Routing and the P840 Router Complete IP Connection IP Header Details Icmp Messages UnreachableRedirect QuenchUpdate Mechanism RIP-Routing Information ProtocolPing Time and Mask serverStation Address Learning Bridging and the P840 RouterInitial Bridging Process Aging Timer Aging Exception Filled Address TableAddress Purging Link Compression P840 Router Feature DefinitionsTelnet Typical Compression Ratios by File Type WAN Topologies Bandwidth On DemandMultilink MultipointOperating Software Upgrades Time of Day Connect ApplicationCall Establishment Methods P840 Isdn Connection ManagementWide Area Network Topologies Supported Isdn Connection Management Auto-Call Time-of-Day ConnectionsAddress Connect Manual CallConnection Process CombinationIdle Timer Protocol AwarenessSuspension Process Interesting TrafficP840 Session Participation Spoofing Suspended ServerIP Specifics Termination ProcessIP Address Connect Suspension of TCP/IP SessionsConsole Connector Pinout InformationEvent Logs Event logsEvent Logs Event Logs Event Logs Event Logs Event Logs Alarm logs Event Logs Event Logs Event Logs Code Description Code Event Logs Event Logs Event Logs Event Logs Event Logs PPP Security logs MAC Address Filtering SecurityFiltering Security-Filter if DestinationSecurity-Filter if Source Security-Forward if Destination Filtering Security-Forward if SourceFiltering Protocol Discrimination Pattern Filter OperatorsBridge Pattern Filtering Protocol Type Field Internet Protocol IPFilter all IP Packets IP, and no moreFiltering Transport Control Protocol / Internet Protocol TCP/IP Filter only TCP/IPFilter all IP without TCP traffic Filter all except TCP/IPBandwidth Conservation Filter all DECEthernet Broadcasting Ethernet MulticastingEthernet Station Addresses General RestrictionsInternet Addresses Mask Combinations Mask would be 6-010203040506&12-0800&23-06 ExampleIP Router Pattern Filtering Frame Formats Ethernet Type Codes Octet Locations on an IP Routed TCP/IP Frame Octet Locations on a Bridged XNS Frame

P840 specifications

Perle Systems is renowned for its high-performance networking hardware, and the Perle P840 model exemplifies this reputation with its advanced features and technologies. Designed for small to medium-sized enterprises, the P840 serves as a versatile and reliable solution for connectivity needs.

One of the main features of the Perle P840 is its robust network performance, supporting both Ethernet and serial connectivity. With support for RS-232, RS-422, and RS-485 interfaces, the P840 enables seamless integration of legacy devices into modern network architectures, allowing businesses to leverage existing infrastructure without the need for extensive upgrades.

The P840 also boasts advanced security features to protect sensitive data during transmission. It supports SSL encryption and VPN capabilities, ensuring that data travels securely across the network. Additionally, it implements strong authentication protocols, providing organizations with peace of mind knowing that their communications are safeguarded against potential threats.

Another standout characteristic of the P840 is its flexibility in configuration. It offers multiple port configurations, allowing for customization based on specific user needs. With options for both managed and unmanaged modes, the device can easily adapt to various network environments. This flexibility makes it suitable for diverse applications, including industrial automation, process control, and telecommunications.

The Perle P840 is designed for durability and reliability, featuring a rugged enclosure that can withstand demanding environments. Its solid-state components reduce the risk of failure, contributing to increased uptime and lower maintenance costs. Furthermore, the compact design allows for easy installation in tight spaces, making it a practical choice for various deployment scenarios.

In terms of management and monitoring, the P840 includes an intuitive web-based interface, enabling administrators to configure settings and monitor network performance effortlessly. SNMP support further enhances management capabilities, allowing for integration into larger network management systems.

Overall, the Perle P840 stands out as a powerful solution for enterprises seeking seamless connectivity, robust security, and flexibility in configuration. Its combination of advanced features and durable design makes it an ideal choice for industries requiring reliable serial and network connectivity in challenging environments. With the P840, businesses can build a resilient networking infrastructure that supports their growing demands while safeguarding their critical data.
Top Page Image Contents