Manuals / Enterasys Networks / Computer Equipment / Switch

Enterasys Networks ENTERASYS ATX manual Using ATX Port Filtering

Models: ENTERASYS ATX

1 82

Download 82 pages 9.38 Kb

Page 51

Chapter 4

Using ATX Port Filtering

Port ﬁlter table information; adding ﬁlters; viewing statistics

The ATX lets you create custom ﬁlters to screen data packets, and discard or forward trafﬁc based on the speciﬁed ﬁlter criteria. You may have several reasons for creating ﬁlters — for example, to monitor trafﬁc patterns as an aid to optimizing your network design, or to evaluate your network security. Among the criteria you can select for ﬁltering are the packet’s source or destination address, its entry or exit port, the packet’s Protocol type, or a 64 byte data value ﬁlter applied anywhere in the packet’s data.

The ATX supports two basic types of ﬁlters:

•Entry ﬁlters are pre-processing ﬁlters, applied to a port to screen incoming trafﬁc. The ﬁlter condition is satisﬁed before a bridging decision is made at the port. You can use this ﬁlter to block incoming trafﬁc from a particular segment, for instance.

•Exit ﬁlters are post-processing ﬁlters. The packet is received and processed at a port, and then screened after a bridging decision is made at the port. You can use this ﬁlter to allow trafﬁc to be forwarded from a segment to some ports on a bridge, but not to others, for example.

There are two basic methods of determining how packets get ﬁltered:

•Bridge Address Table ﬁlters are created in the Bridge Filtering Database, and are based on the address information stored in the bridge’s Source Address Table. They let you screen packets on any source address that is recorded as a static or dynamic entry in the bridge’s Source Address Table. The Source Address Table can store up to 8,192 entries, of which 200 can be statically created through management. By using these ﬁlters, you can selectively screen trafﬁc to or from a particular station according to its MAC address, or ﬁlter on multicast packets — such as the FF-FF-FF-FF-FF-FF broadcast MAC address — transmitted from a particular source address (to prevent broadcast storms from propagating over the network from that source).

4-1

Image 51

Enterasys Networks ENTERASYS ATX manual Using ATX Port Filtering

Contents

ATX User’s Guide Page Virus Disclaimer Page Restricted Rights Notice Page Contents Chapter ATX Port Mirroring Chapter Using ATX TrunkingChapter Using ATX Port Filtering Chapter Workgroup ConﬁgurationIntroduction Related Manuals Using the ATX Switch User’s GuideSoftware Conventions Common ATX Switch Window FieldsUsing Window Buttons Using On-line Help Getting HelpGetting Help from the Global Technical Assistance Center Login ATX Switch Chassis View Viewing Chassis Information ATX Switch Chassis ViewFront Panel Information Connection StatusPort Status Boot Prom Menu StructureFirmware Port Status Menu Device MenuUtilities Menu Help MenuPPE Module Menu Port Menu Port Status DisplaysModule Menu PPE Port MenuStatus Selecting a Port Status ViewPort Status Color Codes Viewing Hardware Types Chassis Manager WindowInterface Description Module Type Text BoxesIPX Routing Managing the HubSelecting the Frame Type for a Port Conﬁguring IPX Routing on a portIP Conﬁg/Routing window IP RoutingConﬁguring IP Routing on a Port Conﬁguring the IP Address TableIndex Port IP MaskBroadcast Protection Port ConﬁgurationLocal Switching Bridge Port ConﬁgurationRing Speed 11. Bridge Conﬁguration window Setting the Bridge ModeBridge Number Transmitting BPDUsSource Route Conﬁguration Ring NumberToken Ring Translation Setting the Spanning Tree Explorer ModeIPX Framing IPX Source RouteARP Translate Netbios Source Route ARP Source RouteTo set the Token Ring Translation Parameters Viewing I/F Summary Information Using the Find Source Address FeatureLogical Status IndexRaw Counts Interface Performance Statistics/Bar GraphsViewing Interface Detail RateNon-Unicast DescriptionAddress UnicastMaking Sense of Detail Statistics Enabling and Disabling Ports Administratively Enabling and Disabling PortsATX Switch Chassis View Managing the Hub Using ATX Trunking State Port Trunking WindowLast Error Rmt Bridge IdRmt IP Address Last Change Enabling and Disabling TrunkingLink Ordinal Link CountUsing ATX Trunking Using ATX Trunking Port Trunking Window Using ATX Port Filtering Using ATX Port Filtering Protocol Port Filters Table InformationId Identiﬁer PseudoEditing the Port Filters Table Adding a New Filter Using ATX Port Filtering Using ATX Port Filtering Using ATX Port Filtering Using ATX Port Filtering Packets Viewing Filter StatisticsDeleting a Port Filter Last Frame AddressWorkgroup Conﬁguration Workgroup Conﬁguration Virtual Workgroups Window Total Conﬁguring a WorkgroupDeleting a Workgroup Workgroup Conﬁguration Conﬁguring a Workgroup ATX Port Mirroring ATX Port Mirroring Port Mirroring WindowConﬁguring Port Mirroring If the ports being mirrored are remote From the device where the mirrored ports are locatedFrom the device where the diagnostic port is located ATX Port Mirroring Port Mirroring Window IPX Routing Tables IPX Network IPX StatisticsIPX Interface Port#IPX Route Tick Count Hop CountNext Hop AgeSocket NodeIDIPX Routing Tables Index Index-2 Index-3 Index Index-4