Perle Systems IOLINK-520 manual Security-Filter if Source


Programmable Filtering

Security—“Filter if Source”

Filter if Source is a function that allows you to filter an Ethernet frame if the source address of the frame equals the address that the Filter if Source function has been applied to.

Example:

Assume that a Personal Computer is located on segment 1 on the local bridge/router. This station is a community station that various departments may use for general processing. However, this station may only access those services that exist on its local segment, and it must be restricted from accessing any services on remote LANs. This can be easily accomplished with a “Filter if Source.”

The Ethernet Address for this Personal Computer is: 01-02-03-04-05-06

Again, this address uniquely identifies this computer station.

To configure the bridge/router to ensure that this station is unable to access facilities on a remote LAN segment, follow the instructions below:

1. From the MAIN MENU of the console of the local bridge/router, enter a 1.

(Enter a “=” from any menu to go back to the MAIN MENU.)

This will place you at the CONFIGURATION MENU, where access to the filtering menu is obtained.

2. From the CONFIGURATION MENU, enter an 8.

This will place you at the FILTER SET-UP MENU, where access to the individual filtering menus is obtained.

3. From the FILTER SET-UP MENU, enter a 1.

This will place you at the MAC ADDRESS FILTERS MENU, where access to the MAC Address filters is obtained.

4. From the MAC ADDRESS FILTERS MENU, make sure that the Filter Operation is currently set to “positive.”

This will cause the MAC Address Filters specified to be used for filtering frames with the specified MAC addresses.

5. From the MAC ADDRESS FILTERS MENU, enter a 1.

This will place you at the first EDIT MAC ADDRESS FILTER MENU screen. At the prompt enter the MAC address for which you want to specify the filter.

6. Enter the 12-digit Ethernet address of the Personal Computer system in the following format: 010203040506 (enter a Return)

The edit screen will fill in the information that the table knows about this address. For this example, let us assume that it knows that the address status is [not present] and is of [unknown] location.

In this example, the bridge/router is not aware of this station as of yet. The station has probably not been active for the bridge/router to “learn” any information about it.

Therefore, you will have to tell the bridge/router a little bit more about the station.

7. Enter a 2 to enter the location of the station.
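The decision that a “Filter if Source” entry makes on each frame can be modelled as follows. This Python is an added example, not code from the manual or the bridge/router; the class `SourceFilterTable`, the helper names and the two non-PC addresses are hypothetical, and only the “positive” filter operation is modelled.

```python
import re

def parse_mac(text):
    """Accept 01-02-03-04-05-06 or 010203040506 and return the 6 raw octets."""
    digits = re.sub(r"[-:]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 12-digit Ethernet address: {text!r}")
    return bytes.fromhex(digits)

def frame_addresses(frame):
    """Ethernet header layout: destination = octets 0-5, source = octets 6-11."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[0:6], frame[6:12]

class SourceFilterTable:
    """Hypothetical model of a 'Filter if Source' table, positive operation."""
    def __init__(self):
        self.filter_if_source = set()

    def add(self, mac_text):
        self.filter_if_source.add(parse_mac(mac_text))

    def decide(self, frame):
        """Return 'filter' when the frame's source address is in the table."""
        _dst, src = frame_addresses(frame)
        return "filter" if src in self.filter_if_source else "forward"

def build_frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame: dst + src + type + padding."""
    return parse_mac(dst) + parse_mac(src) + ethertype.to_bytes(2, "big") + payload

# Constructed sample data: the PC address is the manual's; the others are made up.
PC = "01-02-03-04-05-06"
REMOTE_SERVER = "02-00-00-00-00-10"
OTHER_STATION = "02-00-00-00-00-20"

table = SourceFilterTable()
table.add("010203040506")  # same address, in the console entry format of step 6

def demo():
    return {
        "pc_to_remote": table.decide(build_frame(REMOTE_SERVER, PC)),
        "other_to_remote": table.decide(build_frame(REMOTE_SERVER, OTHER_STATION)),
        "remote_to_pc": table.decide(build_frame(PC, REMOTE_SERVER)),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

In this model the frame addressed to the PC is forwarded, because Filter if Source compares only the source address field of the frame.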

IOLINK-PRO & 520 Reference Manual — B.3
