Configuring AppleTalk

5.Select the interface for which the zone filter is to be defined from the port or slot/port pull down menu(s). In this example, you are defining a permit zone filter for HR for interfaces 10 and 14, which have membership in the Finance zone.

6.Enter the zone name to which access is to be permitted or denied. In this case, the zone name is HR.

7.Select either Deny or Permit. In this example, select Permit for interfaces 10 and 14.

8.Enable RTMP filtering to also filter on a network basis.

NOTE: When this filter is enabled on an interface, the denied network numbers are removed from the RTMP packet before it is transmitted out of the interface. In this example, RTMP filtering is not desired, so this option default is left as disabled.

9.Click the Apply button to apply the changes to the device’s running-config file.

10.Click on the Additional Zone Filter link in the tree view.

11.Select the interface for which the zone filter is to be defined, from the port or slot/port pull down menu(s). In this example, define a deny zone filter for interfaces 10 and 14 to deny all other zones not specified in the permit zone filter (steps 1 – 6 above).

12.Select either Deny or Permit. For this example, select Deny for interfaces 10 and 14.

13.Disable RTMP filtering.

14.Click the Apply button to apply the changes to the device’s running-config file.

15.Select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory.

Network Filtering

EXAMPLE:

To deny access to the Finance server to users within the Marketing and Field Service zones on the network and to prevent information about the zone and the network numbers from being forwarded out of interface 1/1 (Figure 15.2), use one of the following methods.

USING THE CLI

HP9300(config-if-1/1)# appletalk deny zone finance rtmp-filtering

USING THE WEB MANAGEMENT INTERFACE

To enable RTMP filtering on an interface, define the filter as usual, then enable the RTMP filtering option on the AppleTalk Zone Filter panel.

Routing Between AppleTalk VLANs Using Virtual Interfaces

In addition to supporting AppleTalk VLANs, the routing switches support routing between AppleTalk VLANs using virtual interfaces. The virtual interfaces provide VLANs access to the router functions of routing switches. Using these virtual interfaces eliminates the need to assign a physical port for routing between local VLANs.

AppleTalk routing between virtual and physical interfaces is also supported.

EXAMPLE:

In Figure 15.3, AppleTalk traffic is terminating on ports 1/1 through 1/4. Suppose you want to group all of these interfaces into an AppleTalk protocol VLAN and route traffic to VLANs on other routing switches.

To do so, perform the following steps:

1.Create an AppleTalk protocol VLAN with port membership of ports 1, 2, 3, and 4.

2.Assign a virtual interface to the AppleTalk VLAN to allow it to route traffic to AppleTalk VLANs on remote routing switches.

15 - 13