Traffic/Security Filters (ProCurve Series 2600/2600-PWR and 2800 Switches)

Using Source-Port Filters

Configuring a Source-Port Filter

The source-port filter command operates from the global configuration level.

Syntax: [no] filter source-port [e] <source-port-number> [ drop [ forward ] forward [ drop ] ]

Creates or deletes the source-port filter assigned to <source-port-number>. If you create a source-port filter without specifying a drop or forward action, the switch automatically creates a filter with a forward action from the designated source to all destinations on the switch.

[ drop [e] <destination-port-list> ]

Configures the filter for the designated source-port (or source-trunk) (<source-port-number>) to drop traffic for the ports and/or port trunks in the <destination-port-list>. Can be followed by the forward option if you have other destination ports set to drop that you want to change to forward. For example:

filter source-port <source-port-number> drop <destination-port-list> forward <destination-port-list>

[ forward [e] <destination-port-list> ]

Configures the filter for the designated source (<source-port-number>) to forward traffic for the destinations in the <destination-port-list>. Since "forward" is the default state for destinations in a filter, this command is useful when destinations in an existing filter are configured for "drop" and you want to change them to "forward". Can be followed by the drop option if you have other destination ports set to forward that you want to change to drop. For example:

filter source-port <source-port-number> forward <destination-port-list> drop <destination-port-list>

Example of Creating a Source-Port Filter. Assume that you want to create a source-port filter that drops all traffic received on port 5 with a destination of port trunk 1 (Trk1) or any port in the range of port 10 to port 15. To create this filter you would execute this command:

ProCurve(config)# filter source-port 5 drop trk1,10-15

Later, suppose you wanted to shift the destination port range for this filter up by two ports; that is, to have the filter drop all traffic received on port 5 with a destination of any port in the range of port 12 to port 17. (The Trk1 destination is already configured in the filter and can remain as-is.) With one command you can restore forwarding to ports 10 and 11 while adding ports 16 and 17 to the "drop" list:

ProCurve(config)# filter source-port 5 forward 10-11 drop 16-17
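To check what a sequence of these commands leaves in place, the following added example (not from the HP manual) models a filter as the set of destinations set to "drop" for one source port and replays commands against it. The function names are hypothetical, and the parser assumes numeric port names and TrkN trunk names as used in the examples above.

```python
import re

# Assumed model: per source port, the set of destinations set to "drop".
CMD = re.compile(r"(?i)^(no\s+)?filter\s+source-port\s+(?:e\s+)?(\S+)(.*)$")
ACTION = re.compile(r"(?i)\b(drop|forward)\s+(?:e\s+)?(\S+)")

def norm_port(item):
    """Normalize one port number or trunk name (numeric ports and TrkN only)."""
    item = item.strip()
    if item.isdigit():
        return str(int(item))
    if re.fullmatch(r"(?i)trk\d+", item):
        return "Trk" + item[3:]
    raise ValueError(f"unrecognized port or trunk: {item!r}")

def expand_ports(port_list):
    """Expand a list such as 'trk1,10-15' into a set of port names."""
    ports = set()
    for item in port_list.split(","):
        m = re.fullmatch(r"\s*(\d+)-(\d+)\s*", item)
        if m:
            lo, hi = int(m.group(1)), int(m.group(2))
            if lo > hi:
                raise ValueError(f"descending range: {item!r}")
            ports.update(str(p) for p in range(lo, hi + 1))
        else:
            ports.add(norm_port(item))
    return ports

def apply_command(filters, line):
    """Apply one 'filter source-port' command to {source: dropped-set}."""
    m = CMD.match(line.split("#", 1)[-1].strip())  # tolerate a CLI prompt
    if not m:
        raise ValueError(f"not a source-port filter command: {line!r}")
    negate, src, rest = m.groups()
    src = norm_port(src)
    if negate:  # the 'no' form deletes the filter
        filters.pop(src, None)
        return filters
    dropped = filters.setdefault(src, set())  # no action given: forward to all
    for action, ports in ACTION.findall(rest):  # actions apply left to right
        if action.lower() == "drop":
            dropped |= expand_ports(ports)
        else:
            dropped -= expand_ports(ports)
    return filters

def drop_list(filters, src):  # dropped destinations, trunks first, then ports
    return sorted(filters.get(src, ()), key=lambda p: (p.isdigit(), p.zfill(8)))
```

Replaying the two commands above through `apply_command` and calling `drop_list(filters, "5")` yields Trk1 and ports 12 through 17.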
