Traffic/Security Filters and Monitors

Configuring Traffic/Security Filters

Configuring a Source-Port Traffic Filter

Syntax: [no] filter [source-port < port-number | trunk-name >]

Specifies one inbound port or trunk. Traffic received inbound on this interface from other devices will be filtered. The no form of the command deletes the source-port filter for < port-number > and returns the destination ports for that filter to the Forward action. (Default: Forward on all ports.)

Note: If multiple VLANs are configured, the source-port and the destination port(s) must be in the same VLAN unless routing is enabled. Similarly, if a VLAN containing both the source and destination is multi-netted, the source and destination ports and/or trunks must be in the same subnet unless routing is enabled.

[ drop ] < destination-port-list > [ forward < port-list >]

Configures the filter to drop traffic for the ports and/or trunks in the designated < destination-port-list >. Can be followed by forward < destination-port-list > if you have other destination ports set to drop that you want to change to forward. If no drop or forward action is specified, the switch automatically creates a filter with a forward action from the designated source port (or trunk) to all destination ports (or trunks) on the switch.

[ forward ] < port-list>

Configures the filter to forward traffic for the ports and/or trunks in the designated < destination-port-list >. Because forward is the default state for destinations in a filter, this command is useful when destinations in an existing filter are configured for drop and you want to change them to forward. Can be followed by drop < destination-port-list > if you have other destination ports set to forward that you want to change to drop. If no drop or forward action is specified, the switch automatically creates a filter with a forward action from the designated source port (or trunk) to all destination ports (or trunks) on the switch.
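The following Python sketch is an added example, not part of the original manual or the switch software. It replays a sequence of source-port filter commands using the rules described above and reports which destinations each source port ends up dropping, which is useful when reviewing a saved configuration. The comma-and-range port-list format, the trunk name trk1, the 12-port layout and the function names are assumptions.

```python
import re

def expand(port_list):
    """Expand a list such as '7-10,12,trk1' (assumed format) into a set of names."""
    ports = set()
    for item in filter(None, port_list.split(",")):
        rng = re.fullmatch(r"(\d+)-(\d+)", item)
        if rng:
            lo, hi = int(rng.group(1)), int(rng.group(2))
            ports.update(str(p) for p in range(lo, hi + 1))
        else:
            ports.add(item)
    return ports

def effective_drops(commands, all_ports):
    """Replay filter commands in order; return {source: dropped destinations}."""
    filters = {}
    for line in commands:
        tokens = line.split()
        negate = bool(tokens) and tokens[0] == "no"
        if negate:
            tokens = tokens[1:]
        if len(tokens) < 3 or tokens[:2] != ["filter", "source-port"]:
            raise ValueError(f"not a source-port filter command: {line!r}")
        source, rest = tokens[2], tokens[3:]
        if negate:
            # "no" form: the filter is deleted and every destination forwards again.
            filters.pop(source, None)
            continue
        # A filter created with no action forwards to all destinations.
        dropped = filters.setdefault(source, set())
        if len(rest) % 2:
            raise ValueError(f"action without a port list: {line!r}")
        for action, plist in zip(rest[0::2], rest[1::2]):
            dests = expand(plist)
            if not dests <= all_ports:
                raise ValueError(f"unknown destination in {line!r}")
            if action == "drop":
                dropped |= dests
            elif action == "forward":
                dropped -= dests
            else:
                raise ValueError(f"unknown action {action!r} in {line!r}")
    return filters

# Constructed sample: a 12-port switch with one trunk (hypothetical layout).
ALL_PORTS = expand("1-12,trk1")
SAMPLE = ["filter source-port 5 drop 7-10,trk1", "filter source-port 5 forward 8 drop 12",
          "filter source-port 3", "filter source-port 2 drop 1", "no filter source-port 2"]
```

For the sample, port 5 ends up dropping 7, 9, 10, 12 and trk1, port 3 has a filter that forwards everywhere, and port 2 has no filter left.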
