Enterasys Networks Fast Network 10 manual Chapter FN10 Filters, Bridge Address Table Filters

CHAPTER 5

FN10 FILTERS

One of the most significant features of the FN10 is its powerful user-configurable filtering capabilities. A filter is an instruction to the FN10 to screen data packets based on the criteria you define. Filtering is useful for gathering statistics, implementing security measures, and improving network performance.

The FN10 also supports pseudo filtering. Pseudo filtering provides a unique traffic monitoring capability, including:

•Determining the effect a filter would have, without actually invoking it.

•Monitoring traffic patterns to help determine optimum network design.

•Monitoring potential security threats.

•Evaluating security policies.

You can configure the FN10 to selectively filter network traffic using the following types of filters:

•Bridge Address Table filters

•Port filters

Although proper use of filters can have a positive effect on the network performance, excessive use of filters may degrade network performance. (Refer to Section 5.6.)

5.1 BRIDGE ADDRESS TABLE FILTERS

Bridge Address Table filters use the FN10 Bridge Address Table to determine if there are any filtering flags assigned to a packet’s source or destination address. By assigning FN10 Bridge Address Table filter flags, you can selectively filter:

•Traffic to and/or from any station (Media Access Control (MAC) layer address).