Filter
Top Products
Chapter 20: Security Configuration Guide
280 SmartSwitch Router User Reference Manual
A secure filter shuts down access to the SSR based on MAC addresses. All packets
received by a port are dropped. When combined with static entries, however, these
filters can be used to drop all received traffic but allow some frames to go through.
Configuring Layer-2 Address Filters
If you want to control access to a source or destination on a per-MAC address basis, you
can configure an address filter. Address filters are always configured and applied to the
input port. You can set address filters on the following:
• A source MAC address, which filters out any frame coming from a specific source
MAC address
• A destination MAC address, which filters out any frame destined to specific
destination MAC address
• A flow, which filters out any frame coming from a specific source MAC address that is
also destined to a specific destination MAC address
To configure Layer-2 address filters, enter the following commands in Configure mode:
Configure a source MAC based
address filter.
filters add address-filter name <name>
source-mac
<MACaddr> source-mac-
mask
<mask> vlan <VLAN-num> in-
port-list
<port-list>
Configure a destination MAC based
address filter.
filters add address-filter name <name>
dest-mac
<MACaddr> dest-mac-mask
<mask> vlan <VLAN-num> in-port-
list
<port-list>
Configure a Layer-2 flow address
filter.
filters add address-filter name <name>
source-mac
<MACaddr> source-mac-
mask
<mask> dest-mac <MACaddr>
dest-mac-mask
<mask> vlan <VLAN-
num>
in-port-list <port-list>