Traffic/Security Filters and Monitors

Filter Types and Operation

A named source-port filter must first be defined and configured before it can be applied. In the following example, two named source-port filters are defined, web-only and accounting.

ProCurve(config)# filter source-port named-filter web-only

ProCurve(config)# filter source-port named-filter accounting

By default, these two named source-port filters forward traffic to all ports and port trunks.

To configure a named source-port filter to prevent inbound traffic from being forwarded to specific destination switch ports or port trunks, the drop option is used. For example, on a 26-port switch, to configure the named source-port filter web-only to drop any traffic except that for destination ports 1 and 2, the following command would be used:

ProCurve(config)# filter source-port named-filter web-only drop 3-26

A named source-port filter can be defined and configured in a single command by adding the drop option, followed by the required destination-port-list.
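
Because the filter is written as a drop list, the permitted destinations have to be inverted before the command is typed. The following Python helper is an added example, not part of the original manual: it builds the single define-and-configure command from an allow-list. It assumes numeric port names only (no port trunks or lettered module ports) and that the destination-port-list accepts comma-separated ranges; the function names are hypothetical.

```python
"""Added example: turn an allow-list of destination ports into a drop list."""


def compress(ports):
    """Collapse port numbers into range notation, e.g. [3, 4, 5, 9] -> '3-5,9'."""
    ranges, start, prev = [], None, None
    for p in sorted(ports):
        if start is None:
            start = prev = p
        elif p == prev + 1:
            prev = p
        else:
            ranges.append((start, prev))
            start = prev = p
    if start is not None:
        ranges.append((start, prev))
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in ranges)


def named_filter_command(name, port_count, allowed):
    """Return the command that defines `name` and drops every destination
    port on a `port_count`-port switch that is not in `allowed`."""
    allowed = set(allowed)
    bad = sorted(p for p in allowed if not 1 <= p <= port_count)
    if bad:
        # A typo in the allow-list must not silently widen or narrow the filter.
        raise ValueError(f"ports outside 1-{port_count}: {bad}")
    if not name or any(c.isspace() for c in name):
        raise ValueError("filter name must be a single token")
    drop = set(range(1, port_count + 1)) - allowed
    cmd = f"filter source-port named-filter {name}"
    # With nothing to drop, the bare definition keeps the default
    # behaviour described above: forward to all ports.
    return f"{cmd} drop {compress(drop)}" if drop else cmd


if __name__ == "__main__":
    # Constructed inputs: the 26-port web-only case from the text, plus a
    # hypothetical allow-list for the accounting filter.
    print(named_filter_command("web-only", 26, [1, 2]))
    print(named_filter_command("accounting", 26, [7, 10, 11]))
```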

Viewing a Named Source-Port Filter

You can list all source-port filters configured in the switch, both named and unnamed, and their action using the show command below.

Syntax: show filter source-port

Displays a listing of configured source-port filters, where each filter entry includes a Filter Name, Port List, and Action:

Filter Name: The filter-name used when a named source-port filter is defined. Non-named source-port filters are automatically assigned the port or port trunk number of the source port.

Port List: Lists the port and port trunk destinations using the filter. Named source-port filters that are not in use display NOT USED.

Action: Lists the ports and port trunks dropped by the filter. If a named source-port filter has been defined but not configured, this field is blank.

[ index ] For the supplied index (IDX), displays the action taken (Drop or Forward) for each destination port on the switch.
