Chapter 5: FN10 Filters
The company wants to allow Engineering and Accounting workstations to access resources on the Manufacturing subnet (LAN 1), but wants to prevent users on the Engineering subnet (LAN 2) from accessing resources on the Accounting subnet (LAN 3). Therefore, the objective is to set up a filter that will block all traffic between LANs 2 and 3, while allowing users on both LANs 2 and 3 to access LAN 1.
For this example, assume that LAN 2 and LAN 3 are connected to ports 2 and 3 on the FN10, respectively. LAN 1 is connected to ports 1 and 4 on the FN10.
Two Port filters are used to discard any packets from the Engineering subnet destined for the Accounting subnet (LAN 2 to LAN 3), and any packets from the Accounting subnet destined for the Engineering subnet (LAN 3 to LAN 2). Each filter includes:
• The source LAN or port number
• The destination port
• Match flags
The filters are constructed as follows:
• Filter 1: Identifier is port 3 as a destination (i.e., exit). Fields are source LAN = 2, Match.
• Filter 2: Identifier is port 2 as a destination (i.e., exit). Fields are source LAN = 3, Match.
Any packet whose source is LAN 3 and destination is port 2 will be filtered. Likewise, any packet whose source is LAN 2 and destination is port 3 will be filtered. However, the filters will not affect user access to the Manufacturing subnet (LAN 1). Therefore, the objective has been accomplished: Users on LANs 2 and 3 (Engineering and Accounting) cannot communicate, but users on either LAN can access LAN 1 (Manufacturing).
This is an example of logical segmenting. In this case, LANs 2 and 3 are distinct physical segments. However, before the filters were implemented, they were able to freely communicate. The filters were used to logically segment the network in such a way that LANs 2 and 3 cannot communicate.
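As an added illustration (not FN10 configuration syntax and not code from this guide), the following Python model evaluates the two Port filters against the example's port layout and compares the result with the stated objective. It assumes a filter discards a packet when both the exit port and the source LAN match; all function names are hypothetical.

```python
# Added model of the chapter's two Port filters; not FN10 firmware or CLI syntax.
from itertools import product

# Port -> LAN mapping from the example (LAN 1 is attached to ports 1 and 4).
PORT_LAN = {1: 1, 2: 2, 3: 3, 4: 1}

# Each filter: (exit port identifier, source LAN field). A match discards the packet.
FILTERS = [
    (3, 2),  # Filter 1: exit port 3, source LAN 2
    (2, 3),  # Filter 2: exit port 2, source LAN 3
]

def forwarded(src_port, dst_port, filters=FILTERS):
    """Return True if a packet entering src_port may exit dst_port."""
    src_lan = PORT_LAN[src_port]
    return not any(exit_port == dst_port and lan == src_lan
                   for exit_port, lan in filters)

def lan_matrix(filters=FILTERS):
    """Map (source LAN, destination LAN) -> True when every port pair forwards."""
    matrix = {}
    for s, d in product(PORT_LAN, repeat=2):
        if PORT_LAN[s] == PORT_LAN[d]:
            continue  # same-LAN traffic is not part of the policy
        key = (PORT_LAN[s], PORT_LAN[d])
        matrix[key] = matrix.get(key, True) and forwarded(s, d, filters)
    return matrix

def policy_violations(filters=FILTERS):
    """Compare the filter set with the stated objective; return mismatches."""
    blocked_wanted = {(2, 3), (3, 2)}  # Engineering <-> Accounting
    return sorted(pair for pair, ok in lan_matrix(filters).items()
                  if ok == (pair in blocked_wanted))

if __name__ == "__main__":
    for pair, ok in sorted(lan_matrix().items()):
        print(f"LAN {pair[0]} -> LAN {pair[1]}: {'forward' if ok else 'discard'}")
    print("violations with both filters:", policy_violations())
    # Dropping Filter 2 leaves the LAN 3 -> LAN 2 direction open.
    print("violations with Filter 1 only:", policy_violations(FILTERS[:1]))
```

The second check shows why both filters are required: each one blocks a single direction, so a missing filter leaves one-way traffic between Engineering and Accounting.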
Fast Network 10 User Guide