Filter
Top Products
DES-3326 Layer 3 Fast Ethernet Switch User’s Guide
transmitted to all ports, are transmitted to the destination port only. Example: if Port 1 receives a
packet destined for a station on Port 2, the Switch transmits that packet through Port 2 only, and
transmits nothing through the other ports. This process is referred to as ‘learning’ the network
topology.
MAC Address Aging Time
The Aging Time affects the learning process of the Switch. Dynamic forwarding table entries, which are
made up of the source MAC addresses and their associated port numbers, are deleted from the table if
they are not accessed within the aging time.
The aging time can be from 10 to 1,000,000 seconds with a default value of 300 seconds. A very long
aging time can result in dynamic forwarding table entries that are out-of-date or no longer exist. This
may cause incorrect packet forwarding decisions by the switch.
If the Aging Time is too short however, many entries may be aged out too soon. This will result in a high
percentage of received packets whose source addresses cannot be found in the forwarding table, in
which case the switch will broadcast the packet to all ports, negating many of the benefits of having a
switch.
Static forwarding entries are not affected by the aging time.
Filtering
The switch uses a filtering database to segment the network and control communication between
segments. It can also filter packets off the network for intrusion control. Static filtering entries can be
made by either MAC address or IP address filtering.
Each port on the switch is a unique collision domain and the switch filters (discards) packets whose
destination lies on the same port as where it originated. This keeps local packets from disrupting
communications on other parts of the network.
For intrusion control, whenever a switch encounters a packet originating from or destined to a MAC
address or an IP Address entered into the filter table, the switch will discard the packet.
Some filtering is done automatically by the switch:
• Dynamic filtering – automatic learning and aging of MAC addresses and their location on the
network. Filtering occurs to keep local traffic confined to its segment.
• Filtering done by the Spanning Tree Protocol, which can filter packets based on topology,
making sure that signal loops don’t occur.
• Filtering done for VLAN integrity. Packets from a member of a VLAN (VLAN 2, for example)
destined for a device on another VLAN (VLAN 3) will be filtered.
Some filtering requires the manual entry of information into a filtering table:
• MAC address filtering – the manual entry of specific MAC addresses to be filtered from the
network. Packets sent from one manually entered MAC address can be filtered from the
network. The entry may be specified as a source, a destination, or both.
• IP address filtering – the manual entry of specific IP addresses to be filtered from the network
(switch must be in IP Routing mode). Packets sent from one manually entered IP address to
29