Enterasys Networks Fast Network 10 User Manual

Using Filters for Security Purposes

Fast Network 10 User Guide

Page 5-15

Example 3: Restricting Access to Authorized Users

The example shown in Figure 5-3 is very similar to the previous example.
The difference is that not all LAN 1 users are denied access to
workstations F, G, and H. Instead, only authorized users on LAN 1 can
access the sensitive data workstations F, G, and H on LAN 2.

Figure 5-3. Using Filters to Restrict Access to Authorized Users

A Port filter is configured that allows data packets to be sent to the
restricted workstations on LAN 2 only if the packet’s source address is
the address of an authorized user on workstation B, C, or D of LAN 1.
The Port filter’s components are:

Source addresses (of authorized users)

Destination addresses (which identify packets directed to any of the
restricted workstations)

No match flags for both of the above components

The filter is configured as follows:

Source address field: B, C, or D (LAN 1), no match

Destination address field: F, G, and H (LAN 2), no match

The No match flag is used in both fields to instruct the FN10 to filter all
traffic that does not match both fields.

All packets destined for the restricted workstations on LAN 2 (F, G, or H)
are filtered, unless the source address is the address of an authorized user
on LAN 1 (B, C, or D).
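
The following Python is an added example, not taken from the manual or from the FN10: it applies the outcome stated above to constructed Ethernet frames and lists the decision for every LAN 1 sender and LAN 2 receiver. The MAC addresses, the placement of A on LAN 1 and E on LAN 2, and all function names are assumptions; the FN10's own filter matching is not reproduced.

```python
# Added example: models the outcome the text states for Example 3.
# MAC addresses are constructed; FN10 internals are not reproduced.
import struct

# Constructed locally administered MAC addresses, one per workstation.
STATIONS = {name: bytes([0x02, 0, 0, 0, 0, i + 1]) for i, name in enumerate("ABCDEFGH")}
AUTHORIZED_SRC = {STATIONS[n] for n in "BCD"}   # authorized users on LAN 1
RESTRICTED_DST = {STATIONS[n] for n in "FGH"}   # restricted workstations on LAN 2


def parse_addresses(frame: bytes):
    """Return (destination, source) from an Ethernet header."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, _ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst, src


def decide(frame: bytes) -> str:
    """Return 'filter' if the frame is dropped, 'forward' if it passes."""
    dst, src = parse_addresses(frame)
    # Filtered only when bound for a restricted workstation from an
    # unauthorized source; other traffic is assumed to pass untouched.
    if dst in RESTRICTED_DST and src not in AUTHORIZED_SRC:
        return "filter"
    return "forward"


def build_frame(src_name: str, dst_name: str) -> bytes:
    """Constructed test frame: Ethernet header plus a dummy payload."""
    header = STATIONS[dst_name] + STATIONS[src_name] + struct.pack("!H", 0x0800)
    return header + b"\x00" * 46


def access_matrix():
    """Decision for every LAN 1 sender (A-D) to every LAN 2 receiver (E-H)."""
    return {(s, d): decide(build_frame(s, d)) for s in "ABCD" for d in "EFGH"}


if __name__ == "__main__":
    for (s, d), verdict in access_matrix().items():
        print(f"{s} -> {d}: {verdict}")
```
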

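[Figure 5-3 diagram: LAN 1 and LAN 2 joined by the FN10; workstations labeled A through H; B, C, and D marked as Authorized Users; F, G, and H marked as Restricted Workstations.]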
