Enterasys Networks Fast Network 10 manual Example 3 Restricting Access to Authorized Users

Models: Fast Network 10


Using Filters for Security Purposes

Example 3: Restricting Access to Authorized Users

The example shown in Figure 5-3 is very similar to the previous example. The difference is that not all LAN 1 users are denied access to workstations F, G, and H. Instead, only authorized users on LAN 1 can access the sensitive data workstations F, G, and H on LAN 2.

[Figure: an FN10 connecting LAN 1 (workstations A, B, C, D) and LAN 2 (workstations E, F, G, H), with the labels "Authorized Users" and "Restricted Workstations"]

Figure 5-3 Using Filters to Restrict Access to Authorized Users

A Port filter is configured that allows data packets to be sent to the restricted workstations on LAN 2 only if the packet’s source address is the address of an authorized user on either workstation B, C, or D of LAN 1. The Port filter’s components are:

Source addresses (of authorized users)

Destination addresses (which identify packets directed to any of the restricted workstations)

No match flags for both of the above components

The filter is configured as follows:

Source address field: B, C, or D (LAN 1), no match

Destination address field: F, G, and H (LAN 2), no match

The No match flag is used in both fields to instruct the FN10 to filter all traffic that does not match both fields.

All packets destined for the restricted workstations on LAN 2 (F, G, or H) are filtered, unless the source address is the address of an authorized user on LAN 1 (B, C, or D).
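
The policy described above, modelled as an added example (it is not from the Enterasys manual and is not FN10 configuration syntax). Station letters stand in for MAC addresses and the filter is assumed to act on packets travelling from LAN 1 to LAN 2; the second rule is a hypothetical literal reading of the No match sentence, included to show which flows are worth verifying on the device.

```python
from itertools import product

# Constructed station labels taken from Figure 5-3; a real filter uses MAC addresses.
LAN1 = ["A", "B", "C", "D"]
LAN2 = ["E", "F", "G", "H"]
AUTHORIZED = {"B", "C", "D"}   # source address field
RESTRICTED = {"F", "G", "H"}   # destination address field


def filtered_summary(src, dst):
    """Reading 1 (the closing sentence): drop packets to a restricted
    workstation unless the source is an authorized user."""
    return dst in RESTRICTED and src not in AUTHORIZED


def filtered_literal(src, dst):
    """Reading 2 (assumption: 'does not match both fields' taken literally):
    drop everything except authorized source AND restricted destination."""
    return not (src in AUTHORIZED and dst in RESTRICTED)


def access_matrix(rule):
    """Map every LAN 1 -> LAN 2 pair to 'drop' or 'forward' under a rule."""
    return {(s, d): "drop" if rule(s, d) else "forward"
            for s, d in product(LAN1, LAN2)}


def disagreements():
    """Pairs on which the two readings differ; these are the flows to test."""
    m1 = access_matrix(filtered_summary)
    m2 = access_matrix(filtered_literal)
    return sorted(pair for pair in m1 if m1[pair] != m2[pair])


if __name__ == "__main__":
    matrix = access_matrix(filtered_summary)
    print("src  " + "  ".join(LAN2))
    for s in LAN1:
        row = "  ".join("x" if matrix[(s, d)] == "drop" else "." for d in LAN2)
        print(f"  {s}  {row}")
    print("readings differ for:", disagreements())
```

Both readings agree on every flow to F, G, and H; they differ only on traffic to the unrestricted workstation E, so a packet from LAN 1 to E is the test that shows how a deployed filter actually behaves.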

Fast Network 10 User Guide

Page 5-15
