Appendix b - programmable filtering, Mac address filtering, Security – Perle Systems IOLINK-PRO IOLINK-520 User Manual

IOLINK-PRO & 520 Reference Manual — B.1

Appendix B - Programmable Filtering

Programmable filtering gives the network manager the ability to control the conditions under which Ethernet frames are forwarded across bridge or bridge/router ports. There are many reasons why this might be needed, among them security, protocol discrimination, bandwidth conservation, and general restrictions.

To reach a specific filtering goal, there is usually more than one filter expression that may be used. Which one to choose depends on the specific filtering requirement and on how flexible the filter should be.

The following pages describe how programmable filters may be used in typical applications. Although this is only a small sampling of the many possibilities, it presents a cross-section of filter uses.

MAC Address Filtering

Security

The need for security has become increasingly important in Local Area Networking, and with the use of programmable filters, security may be easily and effectively implemented across segment boundaries. By defining a programmable filter, the network manager may control what traffic is allowed between LAN segments, thereby controlling the security of resources by preventing unauthorized user access.

The IOLINK router provides three built-in functions – in addition to defined programmable masks – to control the access to resources. The first function is “Filter if Source”; the second is “Filter if Destination.” The third function allows you to change the filter operation from “positive” to “negative.” Positive filter operation causes the specified MAC addresses to be filtered according to the entered method. Negative filter operation causes the specified MAC addresses to be forwarded according to the entered method.

You may easily prevent any station on one segment from accessing a specific resource on the other segment; for this, “positive” filtering and the use of “Filter if Destination” would be appropriate. If you want to disallow a specific station from accessing any service, “Filter if Source” could be used.

You may easily prevent stations on one segment from accessing all but a specific resource on the other segment; for this, “negative” filtering and the use of “Forward if Destination” would be appropriate. If you want to disallow all but a specific station from accessing any service on the other segment, “Forward if Source” could be used.

Example cases are found on the following pages.
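
The four cases described above, modelled as an added Python example (not taken from the Perle manual or the IOLINK firmware). It assumes each frame is judged only on its own source and destination MAC address and that negative operation filters every frame matching no entry; the `Entry` class, the function names and the MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    """One MAC address entry carrying the two built-in flags."""
    mac: str
    if_source: bool = False       # "Filter if Source" / "Forward if Source"
    if_destination: bool = False  # "Filter if Destination" / "Forward if Destination"

def norm(mac: str) -> str:
    """Canonicalise a MAC so 02-00-..., 02:00:... and 0200.... compare equal."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def matches(src: str, dst: str, table: list) -> bool:
    """True if an entry's flag applies to the frame's source or destination."""
    s, d = norm(src), norm(dst)
    return any((e.if_source and norm(e.mac) == s) or
               (e.if_destination and norm(e.mac) == d) for e in table)

def forwarded(src: str, dst: str, table: list, positive: bool = True) -> bool:
    """Positive operation: a matching frame is filtered, the rest forwarded.
    Negative operation: a matching frame is forwarded, the rest filtered
    (assumed from the "all but a specific ..." wording)."""
    hit = matches(src, dst, table)
    return (not hit) if positive else hit

# Constructed, locally administered addresses (not from the manual).
ALICE, BOB = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
SERVER, PRINTER = "02-00-00-00-00-10", "02-00-00-00-00-20"

def four_cases() -> dict:
    """Outcome (True = forwarded) of each case in the two paragraphs above."""
    deny_dst = [Entry(SERVER, if_destination=True)]
    deny_src = [Entry(BOB, if_source=True)]
    allow_dst = [Entry(PRINTER, if_destination=True)]
    allow_src = [Entry(ALICE, if_source=True)]
    return {
        "positive/dst: alice->server": forwarded(ALICE, SERVER, deny_dst),
        "positive/dst: alice->printer": forwarded(ALICE, PRINTER, deny_dst),
        "positive/src: bob->printer": forwarded(BOB, PRINTER, deny_src),
        "negative/dst: alice->printer": forwarded(ALICE, PRINTER, allow_dst, positive=False),
        "negative/dst: alice->server": forwarded(ALICE, SERVER, allow_dst, positive=False),
        "negative/src: alice->server": forwarded(ALICE, SERVER, allow_src, positive=False),
        "negative/src: bob->server": forwarded(BOB, SERVER, allow_src, positive=False),
    }

if __name__ == "__main__":
    for case, ok in four_cases().items():
        print(f"{case:32} {'forward' if ok else 'filter'}")
```

Positive operation behaves as a deny list and negative operation as an allow list, so an empty table forwards everything in the first mode and nothing in the second.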

TCP/IP, XNS, and Novell Netware frame formats, as well as some common Ethernet type codes, are found by the back cover.
