Perle Systems IOLINK-520 manual Security-Forward if Source


Programmable Filtering

4. From the MAC ADDRESS FILTERS MENU, make sure that the Filter Operation is currently set to “negative.”

This will cause the MAC Address Filters specified to be used for forwarding frames with the specified MAC addresses.

5. From the MAC ADDRESS FILTERS MENU, enter a 1.

This will place you at the first EDIT MAC ADDRESS FILTER MENU screen. At the prompt enter the MAC address for which you want to specify the filter.

6. Enter the 12-digit Ethernet address of the host system in the following format: 000001020304 (enter a Return)

The edit screen will fill in the information that the table knows about this address. For this example, let us assume that it knows that the address is “present” and located on the LAN of the partner bridge/router.

7. Enter a 4 to Enable the “Forward if Destination” parameter. The edit screen will be updated to show the new information.

At this point, the address is added to the permanent filter table of the local LAN. This entry, therefore, will not be subject to the aging timer, and will remain active until it is removed from the permanent entry table.

When a frame of information is seen on the local LAN that contains the address of the host system in the destination field of the frame, the bridge/router will forward it. All other frames seen on the local LAN that are destined for the remote LAN will be filtered.

Security—“Forward if Source”

Forward if Source is a function that allows you to forward an Ethernet frame if the source address of the frame equals the address that the Forward if Source function has been applied to.

Example:

Assume that a Personal Computer is located on segment 1 on the local bridge/router. This station belongs to the head of Marketing. This station requires access to all the services that exist on the remote LAN but no other station on the local LAN is allowed to access the remote LAN. This can be easily accomplished with a “Forward if Source.”

The Ethernet Address for this Personal Computer is: 01-02-03-04-05-06

Again, this address uniquely identifies this computer station.
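The forwarding decision that both the “Forward if Destination” and “Forward if Source” examples rely on can be modelled in a few lines. This is an added illustration, not Perle firmware or code from the manual. It assumes the Filter Operation is “negative”, that every frame shown is already a candidate to cross to the remote LAN, and that a frame is forwarded when either parameter matches; the class, function and parameter names and the non-manual addresses are hypothetical.

```python
import re

def normalize_mac(text):
    """Accept 000001020304 or 01-02-03-04-05-06; return 12 lowercase hex digits."""
    digits = re.sub(r"[-:]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 12-digit Ethernet address: {text!r}")
    return digits

class NegativeFilterTable:
    """Permanent MAC filter table with Filter Operation = negative (model only)."""

    def __init__(self):
        self.entries = {}  # normalized MAC -> set of enabled parameters

    def enable(self, mac, parameter):
        if parameter not in ("forward_if_source", "forward_if_destination"):
            raise ValueError(parameter)
        self.entries.setdefault(normalize_mac(mac), set()).add(parameter)

    def decide(self, src, dst):
        """Decision for a frame seen on the local LAN and destined for the remote LAN."""
        if "forward_if_source" in self.entries.get(normalize_mac(src), ()):
            return "forward"
        if "forward_if_destination" in self.entries.get(normalize_mac(dst), ()):
            return "forward"
        return "filter"  # negative operation: frames without a matching entry are dropped

def build_example_table():
    table = NegativeFilterTable()
    table.enable("000001020304", "forward_if_destination")  # host system from step 6
    table.enable("01-02-03-04-05-06", "forward_if_source")  # head of Marketing's PC
    return table

# Constructed frames (source, destination); addresses not in the manual are made up.
SAMPLE_FRAMES = [
    ("01-02-03-04-05-06", "00-00-0a-0b-0c-0d"),  # permitted source
    ("00-00-11-22-33-44", "000001020304"),       # permitted destination
    ("00-00-11-22-33-44", "00-00-0a-0b-0c-0d"),  # no matching entry
    ("000001020304", "00-00-0a-0b-0c-0d"),       # destination-only entry used as source
]

def decide_all(frames=SAMPLE_FRAMES):
    table = build_example_table()
    return [table.decide(src, dst) for src, dst in frames]

if __name__ == "__main__":
    for (src, dst), verdict in zip(SAMPLE_FRAMES, decide_all()):
        print(f"{normalize_mac(src)} -> {normalize_mac(dst)}: {verdict}")
```

The last frame is filtered because an entry enabled only for “Forward if Destination” does not permit the same address when it appears in the source field.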

To configure the bridge/router to ensure that only this station is able to access facilities on a remote LAN segment, follow the instructions below:

1. From the MAIN MENU of the console of the local bridge/router, enter a 1. (Enter a “=” from any menu to go back to the MAIN MENU.)

This will place you at the CONFIGURATION MENU, where access to the filtering menu is obtained.

IOLINK-PRO & 520 Reference Manual — B.5
