5 Programmable Filtering
Programmable filtering gives the network manager the ability to control under what conditions Ethernet frames are forwarded
across bridge or bridge/router ports. There are many reasons why this might need to be accomplished, some of which are
security, protocol discrimination, bandwidth conservation, and general restrictions.
To reach a specific filtering goal, there is usually more than one possible filter expression that may be used. This of course is
dependent on the specific filtering requirement, and how flexible the filter should be.
The following pages describe how programmable filters may be used in typical applications. Although this is only a small
sampling of the many possibilities, a cross-section of use of filters is presented.

MAC Address Filtering

Security

The need for security has become increasingly important in Local Area Networking, and with the use of programmable filters,
security may be easily and effectively implemented across segment boundaries. By defining a programmable filter, the
network manager may control what traffic is allowed between LAN segments, thereby controlling the security of resources by
preventing unauthorized user access.
The P840 router provides three built-in functions – in addition to defined programmable masks – to control the access to
resources. The first function is “Filter if Source”; the second is “Filter if Destination”. The third function allows you to change
the filter operation from “positive” to “negative”. Positive filter operation causes the specified MAC addresses to be filtered
according to the entered method. Negative filter operation causes the specified MAC addresses to be forwarded according to
the entered method.
You may easily prevent any station on one segment from accessing a specific resource on the other segment; for this,
“positive” filtering and the use of “Filter if Destination” would be appropriate. If you want to disallow a specific station from
accessing any service, “Filter if Source” could be used.
You may easily prevent stations on one segment from accessing all but a specific resource on the other segment; for this,
“negative” filtering and the use of “Forward if Destination” would be appropriate. If you want to disallow all but a specific
station from accessing any service on the other segment, “Forward if Source” could be used.
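The four combinations described above can be checked with a small model of the decision rule. This is an added example, not code from the manual or the router's firmware; the Entry structure, the function names and the MAC addresses are assumptions made for illustration, and the model covers only a frame crossing the port in one direction.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    """One MAC filter-table entry (a model, not the P840's own format)."""
    mac: str
    if_source: bool = False        # "Filter/Forward if Source"
    if_destination: bool = False   # "Filter/Forward if Destination"

def norm(mac):
    """Normalize a MAC so 02-00-.. and 02:00:.. compare equal."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def forwarded(table, src, dst, positive=True):
    """Decide whether a frame crosses the port.

    Positive operation: a frame that matches an entry is filtered.
    Negative operation: only a frame that matches an entry is forwarded.
    """
    src, dst = norm(src), norm(dst)
    hit = any((e.if_source and norm(e.mac) == src) or
              (e.if_destination and norm(e.mac) == dst) for e in table)
    return not hit if positive else hit

# Constructed sample addresses (locally administered), not from the manual.
SERVER, PRINTER = "02:00:00:00:00:10", "02:00:00:00:00:20"
ALICE, BOB = "02-00-00-00-00-A1", "02-00-00-00-00-B2"

def four_cases():
    """The combinations described in the text, as (case, forwarded?) pairs."""
    to_server = [Entry(SERVER, if_destination=True)]
    from_bob = [Entry(BOB, if_source=True)]
    return [
        ("positive, if Destination: alice->server", forwarded(to_server, ALICE, SERVER)),
        ("positive, if Destination: alice->printer", forwarded(to_server, ALICE, PRINTER)),
        ("positive, if Source: bob->printer", forwarded(from_bob, BOB, PRINTER)),
        ("negative, if Destination: alice->server", forwarded(to_server, ALICE, SERVER, positive=False)),
        ("negative, if Destination: alice->printer", forwarded(to_server, ALICE, PRINTER, positive=False)),
        ("negative, if Source: bob->server", forwarded(from_bob, BOB, SERVER, positive=False)),
        ("negative, if Source: alice->server", forwarded(from_bob, ALICE, SERVER, positive=False)),
    ]

if __name__ == "__main__":
    for case, result in four_cases():
        print(f"{case:45} {'forward' if result else 'filter'}")
```

In this model an empty table forwards everything under positive operation and filters everything under negative operation, which is why switching the operation without first entering the permitted addresses cuts off all traffic across the port.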
Example cases are found on the following pages.
TCP/IP, XNS, and Novell Netware frame formats, as well as some common Ethernet type codes, are found by the back
cover.