Enterasys Networks Fast Network 10 User Manual


Using Filters for Security Purposes

Fast Network 10 User Guide


Example 2: Blocking Access to Specific Stations

In this example, a company uses an FN10 to connect two LANs (see
Figure 5-2). Three workstations on LAN 2 (the Accounting Subnet),
workstations F, G, and H, contain sensitive data. The objective is to
prevent users on LAN 1 (the Manufacturing Subnet) from accessing
workstations F, G, and H on LAN 2.

Figure 5-2. Using Filters to Restrict Access to Specific Stations

In this example, a Port filter is configured that instructs the FN10 to
discard data packets whose destination address is F, G, or H (the
addresses of the workstations containing sensitive data). Therefore, the
FN10 will not pass any packets from LAN 1 to LAN 2 if the packet’s
destination address is F, G, or H.

This filtering example specifies three separate components:

Traffic from LAN 1

Traffic destined for addresses F, G, and H on LAN 2

Match flags for both components
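The following Python model is an added illustration, not part of the FN10 manual or the FN10's own software. It applies the rule described above (frames arriving from LAN 1 with destination F, G, or H are discarded) to constructed Ethernet frames, so the scope of the filter can be checked case by case. The MAC addresses, the unprotected LAN 2 station X, the port labels, and all function names are assumptions made for the example.

```python
import struct

# Constructed MAC addresses standing in for the stations (not from the manual).
MAC = {
    "A": bytes.fromhex("020000000001"),  # station on LAN 1
    "F": bytes.fromhex("020000000006"),  # protected station on LAN 2
    "G": bytes.fromhex("020000000007"),  # protected station on LAN 2
    "H": bytes.fromhex("020000000008"),  # protected station on LAN 2
    "X": bytes.fromhex("020000000009"),  # hypothetical unprotected LAN 2 station
}
BROADCAST = b"\xff" * 6

# The two matching components of the filter: ingress port and destination addresses.
FILTER = {"ingress_port": "LAN1", "dst_macs": {MAC["F"], MAC["G"], MAC["H"]}}

def make_frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a minimal Ethernet II frame (header plus payload, no FCS)."""
    return dst + src + struct.pack("!H", ethertype) + payload

def decide(ingress_port, frame, flt=FILTER):
    """Return 'discard' when the frame matches both components, else 'forward'."""
    if len(frame) < 14:
        return "discard"  # model choice: too short to hold an Ethernet header
    dst = frame[0:6]
    if ingress_port == flt["ingress_port"] and dst in flt["dst_macs"]:
        return "discard"
    return "forward"

# Constructed test traffic: (label, ingress port, frame).
CASES = [
    ("A -> F, arriving from LAN 1", "LAN1", make_frame(MAC["F"], MAC["A"])),
    ("A -> X, arriving from LAN 1", "LAN1", make_frame(MAC["X"], MAC["A"])),
    ("F -> A, arriving from LAN 2", "LAN2", make_frame(MAC["A"], MAC["F"])),
    ("A -> broadcast, from LAN 1", "LAN1", make_frame(BROADCAST, MAC["A"], 0x0806)),
]

def audit(cases=CASES, flt=FILTER):
    """Apply the filter to each case and return (label, verdict) pairs."""
    return [(label, decide(port, frame, flt)) for label, port, frame in cases]

if __name__ == "__main__":
    for label, verdict in audit():
        print(f"{label:30s} {verdict}")
```

In this model only the first case is discarded: the rule matches one ingress port and three unicast destination addresses, so frames entering from LAN 2 and broadcast frames from LAN 1 fall outside it.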

[Figure 5-2 labels: FN10; LAN 1 (Manufacturing Subnet); LAN 2 (Accounting Subnet); two concentrators; stations A through H; callout: "Computers that cannot be accessed by LAN 1 users"]
