Perle Systems IOLINK-520 manual Programmable Filtering, Security-Filter if Destination


Programmable Filtering

Security—“Filter if Destination”

Filter if Destination is a function that allows you to filter an Ethernet frame based on its destination address. If the frame's destination address equals the address that the Filter if Destination function has been applied to, the frame is filtered.

Example:

Assume that a host computer is located on LAN segment 2, which is attached to a partner bridge/router, and that the host has an Ethernet address of:

00-00-01-02-03-04 (host Ethernet address)

Since each station on a LAN has a unique Ethernet address, this address uniquely identifies this host computer.

To prevent LAN users on segment 1, which is attached to the local bridge/router, from accessing this host system, follow the instructions below:

1. From the MAIN MENU of the console of the local bridge/router, enter a 1.

(Enter a “=” from any menu to go back to the MAIN MENU.)

This will place you at the CONFIGURATION MENU, where access to the filtering menu is obtained.

2. From the CONFIGURATION MENU, enter an 8.

This will place you at the FILTER SET-UP MENU, where access to the individual filtering menus is obtained.

3. From the FILTER SET-UP MENU, enter a 1.

This will place you at the MAC ADDRESS FILTERS MENU, where access to the MAC Address filters is obtained.

4. From the MAC ADDRESS FILTERS MENU, make sure that Filter Operation is currently set to “positive.”

This will cause the MAC Address Filters specified to be used for filtering frames with the specified MAC addresses.

5. From the MAC ADDRESS FILTERS MENU, enter a 1.

This will place you at the first EDIT MAC ADDRESS FILTER MENU screen. At the prompt enter the MAC address for which you want to specify the filter.

6. Enter the 12-digit Ethernet address of the host system in the following format: 000001020304 (enter a Return)

The edit screen will fill in the information that the table knows about this address. For this example, let us assume that it knows that the address is “present” and located on the LAN of the partner bridge/router.

7. Enter a 4 to enable the “Filter if Destination” parameter. The screen will be updated with the new information.

At this point, the address is added to the permanent filter table of the local LAN. This entry, therefore, will not be subject to the aging timer, and will remain active until it is removed from the permanent entry table.

When a frame of information is seen on the local LAN that contains the address of the host system in the destination field of the frame, the bridge/router will not forward it, effectively preventing any access to this host from the local LAN.
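The following is an added example, not code from the manual or from Perle: a toy Python model of the behaviour described above, covering the 12-digit address format, the permanent entry that is exempt from aging, and the destination-only match under positive filter operation. The class and function names, the second station address and the 300-second aging limit are assumptions made for illustration.

```python
import re

def parse_mac(text):
    """Accept '00-00-01-02-03-04' or the console's '000001020304'; return 6 bytes."""
    digits = re.sub(r"[-:]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 12-digit Ethernet address: {text!r}")
    return bytes.fromhex(digits)

class AddressTable:
    """Toy model (hypothetical names): learned entries age out, permanent ones stay."""
    def __init__(self, aging_limit=300):          # seconds; constructed value
        self.aging_limit = aging_limit
        self.entries = {}                         # mac -> flags

    def learn(self, mac, now):
        e = self.entries.setdefault(mac, {"permanent": False, "filter_if_dest": False})
        e["last_seen"] = now

    def set_filter_if_destination(self, mac):
        e = self.entries.setdefault(mac, {"last_seen": None})
        e.update(permanent=True, filter_if_dest=True)

    def age(self, now):
        stale = [m for m, e in self.entries.items()
                 if not e["permanent"] and now - e["last_seen"] > self.aging_limit]
        for mac in stale:
            del self.entries[mac]

    def decide(self, frame):
        """'filter' if the destination (first 6 octets) has the flag, else 'pass'."""
        e = self.entries.get(frame[0:6])
        return "filter" if e and e["filter_if_dest"] else "pass"

def frame(dest, src, payload=b"\x08\x00constructed"):
    return dest + src + payload

def demo():
    host = parse_mac("00-00-01-02-03-04")          # host address from the example
    station = parse_mac("00-00-01-0A-0B-0C")       # constructed segment-1 station
    table = AddressTable()
    table.learn(station, now=0)
    table.set_filter_if_destination(parse_mac("000001020304"))
    to_host = table.decide(frame(host, station))
    from_host = table.decide(frame(station, host)) # host is source, not destination
    table.age(now=10_000)
    return to_host, from_host, host in table.entries, station in table.entries
```

In this model a frame that carries the host address only in its source field is not matched, because the flag inspects the destination field alone.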

B.2 IOLINK-PRO & 520 Reference Manual
