HP 2600 Series User Manual

Page 279


Traffic/Security Filters (ProCurve Series 2600/2600-PWR and 2800 Switches)

Using Source-Port Filters

A named source-port filter must first be defined and configured before it can
be applied. In the following example, two named source-port filters are
defined, web-only and accounting.

ProCurve(config)# filter source-port named-filter web-only

ProCurve(config)# filter source-port named-filter accounting

By default, these two named source-port filters forward traffic to all ports and
port trunks.

To configure a named source-port filter to prevent inbound traffic from being
forwarded to specific destination switch ports or port trunks, the drop option
is used. For example, on a 26-port switch, to configure the named source-port
filter web-only to drop any traffic except that for destination ports 1 and 2,
the following command would be used:

ProCurve(config)# filter source-port named-filter web-only drop 3-26

A named source-port filter can be defined and configured in a single command
by adding the drop option, followed by the required destination-port-list.

Syntax: filter source-port named-filter <filter-name> drop <destination-port-list>

Configures the named source-port filter to drop traffic having a destination on the
ports and/or port trunks in the <destination-port-list>. Can be followed by the forward
option if you have other destination ports or port trunks previously set to drop that you
want to change to forward. For example:

filter source-port named-filter <filter-name> drop <destination-port-list> forward <destination-port-list>

The destination-port-list may contain ports, port trunks, and ranges (for example 3-7
or trk4-trk9) separated by commas.

Syntax: filter source-port named-filter <filter-name> forward <destination-port-list>

Configures the named source-port filter to forward traffic having a destination on the
ports and/or port trunks in the <destination-port-list>. Since "forward" is the default
state for destinations in a filter, this command is useful when destinations in an
existing filter are configured for "drop" and you want to change them to "forward". Can
be followed by the drop option if you have other destination ports set to forward that
you want to change to drop. For example:

filter source-port named-filter <filter-name> forward <destination-port-list> drop <destination-port-list>
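
Added example (not from the HP manual): a Python audit helper that replays filter source-port named-filter commands using only the semantics described above (every destination forwards by default; drop and forward change the listed destinations) and reports destinations a filter still forwards to beyond an intended set. The function names, the accounting commands, the intended-destination table, and the assumption that a destination-port-list contains no spaces are constructed for illustration.

```python
import re

ITEM = re.compile(r"(trk)?(\d+)(?:-(trk)?(\d+))?", re.IGNORECASE)
CMD = re.compile(r"filter source-port named-filter (\S+)((?:\s+(?:drop|forward)\s+\S+)*)\s*$")

def expand_port_list(spec):
    """Expand a destination-port-list such as '3-7,trk4-trk9' into a set of names."""
    ports = set()
    for item in spec.split(","):
        m = ITEM.fullmatch(item.strip())
        # Reject garbage and mixed ranges such as '3-trk4'.
        if not m or (m.group(4) and bool(m.group(1)) != bool(m.group(3))):
            raise ValueError(f"bad destination-port-list item: {item!r}")
        prefix = "trk" if m.group(1) else ""
        lo, hi = int(m.group(2)), int(m.group(4) or m.group(2))
        if lo > hi:
            raise ValueError(f"descending range: {item!r}")
        ports.update(f"{prefix}{n}" for n in range(lo, hi + 1))
    return ports

def effective_filters(config_lines, all_destinations):
    """Replay the commands in order; return {filter name: destinations still forwarded}."""
    forwarded = {}
    for m in filter(None, map(CMD.search, config_lines)):
        name, actions = m.groups()
        # A newly defined filter forwards to every destination by default.
        state = forwarded.setdefault(name, set(all_destinations))
        for action, spec in re.findall(r"(drop|forward)\s+(\S+)", actions):
            ports = expand_port_list(spec) & set(all_destinations)
            if action == "drop":
                state -= ports
            else:
                state |= ports
    return forwarded

def unexpected_forwards(forwarded, intended):
    """Per filter, destinations still forwarded that the intended policy does not list."""
    extra = {name: dests - set(intended.get(name, ())) for name, dests in forwarded.items()}
    return {name: dests for name, dests in extra.items() if dests}

# Constructed sample: a 26-port switch with no trunks; the accounting lines are invented.
SWITCH_PORTS = [str(n) for n in range(1, 27)]
SAMPLE_CONFIG = [
    "ProCurve(config)# filter source-port named-filter web-only drop 3-26",
    "ProCurve(config)# filter source-port named-filter accounting drop 1-10,15-26",
    "ProCurve(config)# filter source-port named-filter accounting forward 15 drop 11",
]
INTENDED = {"web-only": {"1", "2"}, "accounting": {"12", "13", "14"}}
if __name__ == "__main__":
    print(unexpected_forwards(effective_filters(SAMPLE_CONFIG, SWITCH_PORTS), INTENDED))
```

With the sample lines, web-only matches its intended destinations, while accounting still forwards to port 15, which the constructed policy does not list.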
