Perle Systems IOLINK-520 manual Security-Forward if Destination

Page 67

Programmable Filtering

8. The bridge/router will prompt you for the LAN that the station is located on; enter the name of the partner bridge/router LAN (LAN345678, for example).

Note that the Status of the address is marked as [present], the location is updated to LAN345678 and the Permanent entry is [enabled].

9. Enter a 3 to [enable] the “Filter if Source” parameter. The edit screen will be updated to show the new information.

At this point, the address is added to the permanent filter table of the local LAN. This entry, therefore, will not be subject to the aging timer, and will remain active until it is removed from the permanent entry table.

When a frame of information is seen on the local LAN that contains the address of the Personal Computer in the source field of the frame, the bridge/router will not forward it, effectively preventing any access from the PC to remote LANs.

Most programmable filtering options may be used for security purposes. The examples above are specific instances where the two “Filter if” functions may be used.

Security—“Forward if Destination”

Forward if Destination is a function that allows you to forward an Ethernet frame based on its destination address and filter all other frames. If the destination address equals the address that the Forward if Destination function has been applied to, the frame is forwarded.

Example:

Assume that a host computer is located on LAN segment 2, on a partner bridge/router, with an Ethernet address of:

00-00-01-02-03-04 (host Ethernet address)

Since each station on a LAN has a unique Ethernet address, this address uniquely identifies this host computer.

To restrict LAN users located on segment 1, on the local bridge/router, to accessing only this host system and no other systems, follow the instructions below:

1. From the MAIN MENU of the console of the local bridge/router, enter a 1. (Enter a “=” from any menu to go back to the MAIN MENU.)

This will place you at the CONFIGURATION MENU, where access to the filtering menu is obtained.

2. From the CONFIGURATION MENU, enter an 8.

This will place you at the FILTER SET-UP MENU, where access to the individual filtering menus is obtained.

3. From the FILTER SET-UP MENU, enter a 1.

This will place you at the MAC ADDRESS FILTERS MENU, where access to the MAC Address filters is obtained.
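The forwarding decisions that the “Filter if Source” and “Forward if Destination” entries described above produce can be modeled as follows. This is an added example, not code from the manual or from Perle Systems. The entry field names, the station addresses other than the host address, and the order in which the two checks are applied are assumptions of the model.

```python
import re
from dataclasses import dataclass

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}")

def parse_mac(text):
    """Parse the manual's hyphenated notation (00-00-01-02-03-04) into 6 bytes."""
    if not MAC_RE.fullmatch(text.strip()):
        raise ValueError(f"not a 6-octet Ethernet address: {text!r}")
    return bytes.fromhex(text.strip().replace("-", ""))

@dataclass
class Entry:
    """One permanent filter-table entry; field names are this model's own."""
    mac: bytes
    filter_if_source: bool = False
    forward_if_destination: bool = False

def decide(table, src, dst):
    """Return 'forward' or 'filter' for a frame seen on the local LAN.

    Assumptions: the destination is not on the local LAN, and a
    Filter if Source match is checked before Forward if Destination.
    """
    src, dst = parse_mac(src), parse_mac(dst)
    # Filter if Source: frames from a listed station are never forwarded.
    if any(e.filter_if_source and e.mac == src for e in table):
        return "filter"
    # Forward if Destination: once any entry enables it, only frames
    # addressed to such an entry pass; all other frames are filtered.
    allowed = {e.mac for e in table if e.forward_if_destination}
    if allowed and dst not in allowed:
        return "filter"
    return "forward"

HOST = "00-00-01-02-03-04"        # host address from the manual's example
PC = "00-00-01-0A-0B-0C"          # constructed segment 1 station
OTHER = "00-00-01-99-99-99"       # constructed remote station
BROADCAST = "FF-FF-FF-FF-FF-FF"

host_only = [Entry(parse_mac(HOST), forward_if_destination=True)]
block_pc = [Entry(parse_mac(PC), filter_if_source=True)]

if __name__ == "__main__":
    for name, table in (("host_only", host_only), ("block_pc", block_pc)):
        for dst in (HOST, OTHER, BROADCAST):
            print(name, PC, "->", dst, decide(table, PC, dst))
```

Applied literally, the Forward if Destination rule also filters broadcast frames from segment 1, as the broadcast case shows; whether the bridge/router treats broadcasts specially is not stated on this page.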

B.4 IOLINK-PRO & 520 Reference Manual
