User's guide
Filters
packets from Accounting destined for Engineering (LAN 4 to LAN
3). Each filter includes:
• The source LAN or port number
• The destination port
• Match flags
The filters are constructed as follows:
• Filter 1: Identifier is port 4 as a destination
Fields are source LAN = 3, Match
• Filter 2: Identifier is port 3 as a destination
Fields are source LAN = 4, Match
Any packet whose source is LAN 4 and destination is Port 3 will be
filtered. Likewise, any packet whose source is LAN 3 and
destination is Port 4 will be filtered. However, the filters will not
affect user access to the FDDI subnet (LAN 12). Therefore, the
objective has been accomplished: LANs 3 and 4 (Engineering and
Accounting) cannot interact, but users on either LAN can access
LAN 2 (the FDDI backbone).
This is an example of logical segmenting. In this case, LANs 3 and
4 are distinct physical segments; however, before the filters were
implemented, they were able to freely communicate. The filters
were used to logically segment the network in such a way that
LANs 3 and 4 cannot interact.
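
The two filters from Example 1 can be modelled and checked against the stated objective. This is an added example, not code from the ATX or its guide. It assumes LAN N is attached to port N, uses 2 as the FDDI backbone number, and treats a cleared Match flag as inverting the comparison; the names Filter, is_filtered, reachability and one_way_gaps are hypothetical.

```python
from dataclasses import dataclass
from itertools import permutations

@dataclass(frozen=True)
class Filter:
    dest_port: int      # identifier: the port the packet would leave on
    source_lan: int     # field: the LAN the packet came from
    match: bool = True  # Match flag: filter when the field matches

def is_filtered(filters, source_lan, dest_port):
    """True if any filter attached to dest_port drops a packet from source_lan."""
    for f in filters:
        if f.dest_port != dest_port:
            continue
        # Assumption: with the Match flag cleared, the filter fires on a mismatch.
        if (f.source_lan == source_lan) == f.match:
            return True
    return False

def reachability(filters, lans):
    """Map each ordered (source LAN, destination port) pair to True if traffic passes."""
    return {(s, d): not is_filtered(filters, s, d)
            for s, d in permutations(lans, 2)}

def one_way_gaps(filters, lans):
    """Pairs still open in one direction while the reverse is blocked,
    which indicates a missing mirror filter."""
    r = reachability(filters, lans)
    return sorted((s, d) for (s, d), ok in r.items() if ok and not r[(d, s)])

# Assumed numbering: FDDI backbone = 2, Engineering = 3, Accounting = 4.
FDDI, ENGINEERING, ACCOUNTING = 2, 3, 4
LANS = [FDDI, ENGINEERING, ACCOUNTING]

# Filter 1 and Filter 2 exactly as listed in Example 1.
EXAMPLE_1 = [
    Filter(dest_port=4, source_lan=3),
    Filter(dest_port=3, source_lan=4),
]

if __name__ == "__main__":
    for pair, ok in sorted(reachability(EXAMPLE_1, LANS).items()):
        print(pair, "pass" if ok else "filtered")
    # Installing only Filter 1 leaves Accounting -> Engineering open.
    print("one-way gaps with Filter 1 only:", one_way_gaps(EXAMPLE_1[:1], LANS))
```

Running one_way_gaps against a proposed filter table before installing it catches the case where only one direction of a segmentation rule has been entered.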
Example 2 — Blocking access to specific stations
A company uses an ATX to connect two LAN networks (Figure 5-2).
Three computers on LAN 2 (the Accounting subnetwork) contain
sensitive data (stations F, G, and H). The company wishes to
prevent workstations on LAN 1 (Manufacturing) from accessing
data on these three computers. Therefore, the objective is to
prevent LAN 1 network users from accessing stations F, G, and H
on LAN 2.