Advanced Configuration and Management Guide

Define Additional Zone Filters

When defining AppleTalk zone filters, you must define both deny and permit relationships for an interface. For instance, in the previous example, a deny filter prevents users within Marketing and Field Service zones from accessing the Finance zone.

Because all additional zones not specifically addressed by a deny filter are permitted by default, you do not need to configure any specific permit definitions, and the requirement of defining both deny and permit relationships is satisfied.

However, the additional zone filter is useful in denying access to those zones not specifically addressed in permit zone filters. Consider the following example.

EXAMPLE:

Suppose Sales, Human Resources (HR), Engineering, and Training zones will be added to the network in the next month. You know in advance that the only other zone that will be allowed access to the Finance zone is the HR zone.

You can configure permit zone filters (Figure 15.2) for ports 4/10 and 4/14 that allow the HR zone to access the Finance zone, and deny access to all other zones with a deny additional zone filter (Figure 15.2). This approach addresses the current network and all future zone additions with no additional configuration.

USING THE CLI

To define the permit filter for HR on ports 4/10 and 4/14, enter the following commands:

HP9300(config)# interface e 4/10

HP9300(config-if-4/10)# no appletalk routing

HP9300(config-if-4/10)# appletalk permit zone HR

HP9300(config-if-4/10)# deny additional-zones

HP9300(config-if-4/10)# appletalk routing

HP9300(config-if-4/10)# int e 4/14

HP9300(config-if-4/14)# no appletalk routing

HP9300(config-if-4/14)# appletalk permit zone HR

HP9300(config-if-4/14)# appletalk routing

HP9300(config-if-4/14)# write memory

NOTE: You must disable AppleTalk routing on any interface already operating with AppleTalk before making any modifications to the configuration, and then re-enable routing to activate the change.
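
The following Python check is an added example, not part of the original guide or of HP's software. It parses a CLI transcript in the form shown above and lists ports that carry a permit zone filter but no deny additional-zones command, so that zones not listed are still permitted by default. The function names are hypothetical, and accepting the deny command with or without the appletalk keyword is an assumption.

```python
import re

# CLI transcript as printed above, prompts included.
TRANSCRIPT = """\
HP9300(config)# interface e 4/10
HP9300(config-if-4/10)# no appletalk routing
HP9300(config-if-4/10)# appletalk permit zone HR
HP9300(config-if-4/10)# deny additional-zones
HP9300(config-if-4/10)# appletalk routing
HP9300(config-if-4/10)# int e 4/14
HP9300(config-if-4/14)# no appletalk routing
HP9300(config-if-4/14)# appletalk permit zone HR
HP9300(config-if-4/14)# appletalk routing
HP9300(config-if-4/14)# write memory
"""

def parse_filters(text):
    """Return {port: {"permit": set of zones, "deny_additional": bool}}."""
    ports, current = {}, None
    for line in text.splitlines():
        cmd = line.split("#", 1)[-1].strip()  # drop the CLI prompt, if any
        m = re.match(r"int(?:erface)?\s+e\w*\s+(\S+)$", cmd)
        if m:
            current = ports.setdefault(
                m.group(1), {"permit": set(), "deny_additional": False})
        elif current is None:
            continue
        elif (m := re.match(r"appletalk\s+permit\s+zone\s+(.+)$", cmd)):
            current["permit"].add(m.group(1).strip())
        # Assumption: accept the command with or without the "appletalk" keyword.
        elif re.match(r"(?:appletalk\s+)?deny\s+additional-zones$", cmd):
            current["deny_additional"] = True
    return ports

def zone_allowed(flt, zone):
    """Model of the filter behaviour described in the text (not vendor code)."""
    # Zones not listed in a permit filter are permitted by default.
    return zone in flt["permit"] or not flt["deny_additional"]

def audit(ports):
    """Ports with a permit filter but no deny for additional zones."""
    return sorted(p for p, f in ports.items()
                  if f["permit"] and not f["deny_additional"])

if __name__ == "__main__":
    ports = parse_filters(TRANSCRIPT)
    for zone in ("HR", "Sales", "Engineering", "Training"):
        print(zone, {p: zone_allowed(f, zone) for p, f in ports.items()})
    print("permit filter without deny additional-zones:", audit(ports))
```

Run on the transcript above, the check reports port 4/14, where no deny additional-zones command is entered.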

USING THE WEB MANAGEMENT INTERFACE

To define the permit and deny filters discussed above:

1. Log on to the device using a valid user name and password for read-write access. The System configuration dialog is displayed.

2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.

3. Click on the plus sign next to AppleTalk in the tree view to expand the list of AppleTalk option links.

4. Click on the Zone Filter link.

If the device does not have any AppleTalk zone filters, the AppleTalk Zone Filter configuration panel is displayed.

If an AppleTalk zone filter is already configured and you are adding a new one, click on the Configure AppleTalk Zone Filter link to display the AppleTalk Zone Filter configuration panel.

If you are modifying an existing AppleTalk zone filter, click on the Modify button to the right of the row describing the filter to display the AppleTalk Zone Filter configuration panel.
