Advanced Configuration and Management Guide

Filtering AppleTalk Zones and Networks

Defining Zone Filters

Zone filtering allows you to define access for a network and its nodes by entering single permit or deny CLI commands, instead of defining an access list for each node independently.

By eliminating the need to enter separate numbers for each device or network segment, zone filters improve overall system administration of an AppleTalk network. For example, if a new device such as a server or laser printer is added to an existing zone, all users in that zone automatically have access to that device without any additional configuration.

Additionally, zone filters help eliminate unauthorized access to devices within restricted zones. As new devices are added to secured zones, information on those devices is protected automatically.

[Figure: an AppleTalk router connecting the FieldService, Marketing, and Finance zones across Networks 200, 300, 400, 500, and 600, with Apple servers attached.]

AppleTalk Addresses Assigned to Ports

Port 1 = 200.50

Port 3 = 100.50

Port 10 = 600.50

Port 13 = 300.50

Port 14 = 500.50

Port 15 = 400.50

Figure 15.2 AppleTalk zones in a network

EXAMPLE:

Suppose you want to deny access to the Finance server to users within the Marketing and Field Service zones on the network, as shown in Figure 15.2. To define a zone filter for this, use one of the following methods.
