Programmable Filtering

4From the MAC ADDRESS FILTERS MENU, make sure that the Filter Operation is currently set to “negative.”

This will cause the MAC Address Filters specified to be used for forwarding frames with the specified MAC addresses.

5From the MAC ADDRESS FILTERS MENU, enter a 1.

This will place you at the first EDIT MAC ADDRESS FILTER MENU screen. At the prompt enter the MAC address for which you want to specify the filter.

6Enter the 12-digit Ethernet address of the host system in the following format: 000001020304 (enter a Return)

The edit screen will fill in the information that the table knows about this address. For this example, let us assume that it knows that the address is “present” and located on the LAN of the partner bridge/router.

7Enter a 4 to Enable the “Forward if Destination” parameter. The edit screen will be updated to show the new information.

At this point, the address is added to the permanent filter table of the local LAN. This entry, therefore, will not be subject to the aging timer, and will remain active until it is removed from the permanent entry table.

When a frame of information is seen on the local LAN that contains the address of the host system in the destination field of the frame, the bridge/router will forward it. All other frames seen on the local LAN that are destined for the remote LAN will be filtered.

Security—“Forward if Source”

Forward if Source is a function that allows you to forward an Ethernet frame if the source address of the frame equals the address that the Forward if Source function has been applied to.

Example:

Assume that a Personal Computer is located on segment 1 on the local bridge/router. This station belongs to the head of Marketing. This station requires access to all the services that exist on the remote LAN but no other station on the local LAN is allowed to access the remote LAN. This can be easily accomplished with a “Forward if Source.”

The Ethernet Address for this Personal Computer is: 01-02-03-04-05-06

Again, this address uniquely identifies this computer station.

To configure the bridge/router to ensure that only this station is able to access facilities on a remote LAN segment, follow the instructions below:

1From the MAIN MENU of the console of the local bridge/router, enter a 1. (Enter a “=“ from any menu to go back to the MAIN MENU.)

This will place you at the CONFIGURATION MENU, where access to the filtering menu is obtained.

IOLINK-PRO & 520 Reference Manual — B.5

Page 68
Image 68
Perle Systems IOLINK-520 manual Security-Forward if Source