Traffic/Security Filters (HP ProCurve Series 2600/2600-PWR and 2800 Switches)
Overview
Applicable Switch Models. Traffic/Security filters are available on these
current HP ProCurve switch models:
■ HP ProCurve Series 2600/2600-PWR Switches (source-port filters)
■ HP ProCurve Switch 2800 Series (source-port filters)
■ HP ProCurve Switch 2512 and 2524 (source-port, multicast, and
protocol filters)
This chapter describes Traffic/Security filters on the Switch 2800 Series
devices. For information on filters for the Switch 2512 and 2524, refer to the
Management and Configuration Guide provided for these devices.
General Operation. You can enhance in-band security and improve control
over access to network resources by configuring static per-port filters to
forward (the default action) or drop unwanted traffic. That is, you can configure
a traffic filter to either forward or drop all network traffic moving between
an inbound (source) port or trunk and any outbound (destination) ports and
trunks (if any) on the switch.
■ With routing disabled on the switch (the default), source-port filtering
can operate on traffic moving within the same VLAN.
■ With routing enabled on the switch, source-port filtering can operate
on traffic moving between VLANs as well as within the same VLAN.
(If you configure multinetting within a VLAN and enable routing on
the switch, you can use source-port filtering to filter traffic between
subnets within the same VLAN.)
Note. The switch manages a port trunk as a single source or destination for
source-port filtering. If you configure a port for filtering before adding it
to a port trunk, the port retains the filter configuration, but suspends the
filtering action while it is a member of the trunk. If you want a trunk to
perform filtering, first configure the trunk, then configure the trunk for
filtering. Refer to “Configuring a Filter on a Port Trunk” on page 10-6.
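The trunk behaviour in the Note above, as an added example (a Python model written for this page, not part of the HP guide or the switch firmware). Port numbers, the trunk name Trk1 and the data layout are constructed for illustration. It shows a filter that was configured on a port before the port joined a trunk being retained but not enforced, and lists such filters so they can be re-created on the trunk.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    ports: set                                   # physical port names
    trunks: dict = field(default_factory=dict)   # trunk name -> member ports
    filters: dict = field(default_factory=dict)  # source -> destinations to drop

    def endpoint(self, port):
        """A trunk member is handled as its trunk; other ports as themselves."""
        for name, members in self.trunks.items():
            if port in members:
                return name
        return port

    def action(self, in_port, out_port):
        """Return 'drop' or 'forward' for traffic from in_port to out_port."""
        src, dst = self.endpoint(in_port), self.endpoint(out_port)
        # Lookup is by trunk name for trunk members, so a filter stored under
        # a member port's own name is retained but never consulted.
        dropped = self.filters.get(src, set())
        return "drop" if dst in dropped else "forward"   # forward is the default

    def suspended_filters(self):
        """Sources whose filter is configured but inactive (port is in a trunk)."""
        return sorted(s for s in self.filters
                      if s in self.ports and self.endpoint(s) != s)

def build_sample():
    """Constructed 8-port switch: filter on port 5 first, then 5 and 6 trunked."""
    sw = Switch(ports={str(n) for n in range(1, 9)})
    sw.filters["5"] = {"1", "2"}          # port 5 may not reach ports 1 and 2
    sw.trunks["Trk1"] = {"5", "6"}        # port 5 joins a trunk afterwards
    return sw

def fix_sample(sw):
    """Order the Note recommends: trunk exists, then filter the trunk itself."""
    sw.filters["Trk1"] = {"1", "2"}
    return sw

if __name__ == "__main__":
    sw = build_sample()
    print(sw.action("5", "1"), sw.suspended_filters())   # filter not enforced
    fix_sample(sw)
    print(sw.action("5", "1"), sw.action("6", "2"), sw.action("5", "3"))
```
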
When you create a source port filter, all ports or port trunks on the switch
appear as destinations on the list for that filter. The switch automatically
forwards traffic to the ports and/or trunks you do not specifically configure