Configuring layer-2 address filters – Cabletron Systems SMARTSWITCH ROUTER 9032578-05 User Manual

Chapter 20: Security Configuration Guide

280

SmartSwitch Router User Reference Manual

A secure filter shuts down access to the SSR based on MAC addresses. All packets
received by a port are dropped. When combined with static entries, however, these
filters can be used to drop all received traffic but allow some frames to go through.

Configuring Layer-2 Address Filters

If you want to control access to a source or destination on a per-MAC address basis, you
can configure an address filter. Address filters are always configured and applied to the
input port. You can set address filters on the following:

•

A source MAC address, which filters out any frame coming from a specific source
MAC address

•

A destination MAC address, which filters out any frame destined to specific
destination MAC address

•

A flow, which filters out any frame coming from a specific source MAC address that is
also destined to a specific destination MAC address

To configure Layer-2 address filters, enter the following commands in Configure mode:

Configure a source MAC based
address filter.

filters add address-filter name

<name>

source-mac

<MACaddr>

source-mac-

mask

<mask>

vlan

<VLAN-num>

in-

port-list

<port-list>

Configure a destination MAC based
address filter.

filters add address-filter name

<name>

dest-mac

<MACaddr>

dest-mac-mask

<mask>

vlan

<VLAN-num>

in-port-

list

<port-list>

Configure a Layer-2 flow address
filter.

filters add address-filter name

<name>

source-mac

<MACaddr>

source-mac-

mask

<mask>

dest-mac

<MACaddr>

dest-mac-mask

<mask>

vlan

<VLAN-

num>

in-port-list

<port-list>