3Com 2200 Switch User Manual


 
13
CONFIGURING ADDRESS AND
P
ORT GROUPS TO USE IN
P
ACKET FILTERS
This chapter describes how to use address and port groups as filtering
criteria in a packet filter, and how to administer address and port groups.
Using Groups in
Packet Filters
You can use address groups (a list of MAC addresses) and port groups (a list
of Switch 2200 Ethernet and FDDI ports) as filtering criteria in a packet filter.
For more information about address and port group concepts, see Chapter
7: User-defined Packet Filtering in the SuperStack™ II Switch 2200
Operation Guide.
A packet filter uses a group to make filtering decisions by accessing the
group’s source group mask and destination group mask. You reference these
group masks using the opcodes SAGM (source address group mask), DAGM
(destination address group mask), SPGM (source port group mask), and
DPGM (destination port group mask). Here are some examples of using
address and port groups in packet filters.
Address group packet
filter example
In this example, the filter only forwards packets among stations that are
within the same address group.
Name “Accept Same Source and Destination”
pushSAGM # Get source address group mask
pushDAGM # Get destination address
# group mask
and # Compare if source address and
# destination address are common
# members of an address group (result
# is either zero or non-zero)
pushLiteral.l 0 # Put a zero on the stack
ne # If not equal, returns a “one” to
# stack, resulting in packet
# forwarded