Enterasys Networks ENTERASYS ATX manual Using ATX Port Filtering

Chapter 4

Using ATX Port Filtering

Port filter table information; adding filters; viewing statistics

The ATX lets you create custom filters to screen data packets, and discard or forward traffic based on the specified filter criteria. You may have several reasons for creating filters: for example, to monitor traffic patterns as an aid to optimizing your network design, or to evaluate your network security. Among the criteria you can select for filtering are the packet’s source or destination address, its entry or exit port, the packet’s protocol type, or a 64-byte data value filter applied anywhere in the packet’s data.

The ATX supports two basic types of filters:

Entry filters are pre-processing filters, applied to a port to screen incoming traffic. The filter condition is satisfied before a bridging decision is made at the port. You can use this filter to block incoming traffic from a particular segment, for instance.

Exit filters are post-processing filters. The packet is received and processed at a port, and then screened after a bridging decision is made at the port. You can use this filter to allow traffic to be forwarded from a segment to some ports on a bridge, but not to others, for example.

There are two basic methods of determining how packets get filtered:

Bridge Address Table filters are created in the Bridge Filtering Database, and are based on the address information stored in the bridge’s Source Address Table. They let you screen packets on any source address that is recorded as a static or dynamic entry in the bridge’s Source Address Table. The Source Address Table can store up to 8,192 entries, of which 200 can be statically created through management. By using these filters, you can selectively screen traffic to or from a particular station according to its MAC address, or filter on multicast packets — such as the FF-FF-FF-FF-FF-FF broadcast MAC address — transmitted from a particular source address (to prevent broadcast storms from propagating over the network from that source).
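The Python sketch below is an added illustration, not ATX firmware or Enterasys code. It models the order of operations described above (entry filter, then bridging decision, then exit filter) using a hypothetical `Bridge` class and constructed MAC addresses, and it assumes frames to unknown or broadcast destinations are flooded to every port except the one they arrived on.

```python
from dataclasses import dataclass

BROADCAST = "FF-FF-FF-FF-FF-FF"

@dataclass(frozen=True)
class Frame:
    src: str
    dst: str

class Bridge:
    """Conceptual model only: filters are predicates that return True to discard."""
    def __init__(self, ports, address_table):
        self.ports = set(ports)
        self.table = dict(address_table)  # MAC -> port, constructed static entries
        self.entry_filters = {}           # ingress port -> [predicate]
        self.exit_filters = {}            # egress port -> [predicate]
        self.drops = {"entry": 0, "exit": 0}

    def forward(self, in_port, frame):
        """Return the set of ports the frame is transmitted on."""
        # 1. Entry filters screen the frame before any bridging decision.
        if any(f(frame) for f in self.entry_filters.get(in_port, [])):
            self.drops["entry"] += 1
            return set()
        # 2. Bridging decision: known unicast goes to one port, else flood.
        known = self.table.get(frame.dst)
        if frame.dst == BROADCAST or known is None:
            candidates = self.ports - {in_port}
        else:
            candidates = {known} - {in_port}
        # 3. Exit filters screen each chosen egress port independently.
        out = set()
        for port in candidates:
            if any(f(frame) for f in self.exit_filters.get(port, [])):
                self.drops["exit"] += 1
            else:
                out.add(port)
        return out

# Constructed sample topology: four stations, one per port.
A, B, C, D = (f"02-00-00-00-00-0{n}" for n in "ABCD")

def build_demo():
    br = Bridge(ports=[1, 2, 3, 4], address_table={A: 1, B: 2, C: 3, D: 4})
    br.entry_filters[4] = [lambda f: True]  # block the whole segment on port 4
    br.entry_filters[2] = [lambda f: f.src == B and f.dst == BROADCAST]  # stop B's broadcasts
    br.exit_filters[3] = [lambda f: f.src == A]  # A may reach other ports, not 3
    return br
```

The `drops` counters separate frames discarded at entry from those discarded at exit, which shows at which stage a given rule takes effect.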
