HP 6120G/XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 314
Source-Port Filters, Operating Rules for Source-Port Filters
Traffic/Security Filters and Monitors
Filter Types and Operation

Source-Port Filters

This filter type enables the switch to forward or drop traffic from all end nodes on the indicated source-port to specific destination ports.

Configuring a source-port filter to drop traffic received on port 1 with an outbound destination of port 2 means that End Nodes A, B, and C cannot send traffic to the server. To block traffic in the opposite direction, you would also configure a source-port filter to drop traffic received on port 2 with an outbound destination of port 1.

[Figure 9-1. Example of a Source-Port Filter Application. Diagram labels: End Node "A", End Node "B", End Node "C", Hub, Server, Port 1, Port 2, Switch 6120 Configured for Source-Port Filtering.]

Operating Rules for Source-Port Filters

■ You can configure one source-port filter for each physical port and port trunk on the switch. (Refer to the filter command on page 9-16.)
■ You can include all destination ports and trunks in the switch on a single source-port filter.
■ Each source-port filter includes:
  • One source port or port trunk (trk1, trk2, ...trkn)
  • A set of destination ports and/or port trunks that includes all untrunked LAN ports and port trunks on the switch
  • An action (forward or drop) for each destination port or port trunk

When you create a source-port filter, the switch automatically sets the filter to forward traffic from the designated source to all destinations for which you do not specifically configure a "drop" action. Thus, it is not necessary to configure a source-port filter for traffic you want the switch to forward unless the filter was previously configured to drop the desired traffic.