Traffic/Security Filters (HP ProCurve Series 2600/2600-PWR and 2800 Switches)
Overview
to drop traffic. (Destination ports that comprise a trunk are listed collectively
by the trunk name—such as Trk1— instead of by individual port name.) For
example, if you want to prevent server "A" from receiving traffic sent by
workstation "X", but do not want to prevent any other servers or end nodes
from receiving traffic from workstation "X", you would configure a filter to
drop traffic from port 5 to port 7. The resulting filter would drop traffic from
port 5 to port 7, but would forward all other traffic from any source port to
any destination port. (Refer to figures
10-1 and 10-2.
Server "A"
Port 7
Port 8
Server "B"
Port 9
Server "C"
Port 5
Workstation " X"
Figure 10-1. Example of a Filter Blocking Traffic only from Port 5 to Server "A"
This list shows the filter created
to block (drop) traffic from
source port 5 (workstation "X") to
destination port 7 (server "A").
Notice that the filter allows
traffic to move from source port
5 to all other destination ports.
Figure 10-2. The Filter for the Actions Shown in Figure 10-1
Applying a Source Port Filter in a Multinetted VLAN. If you have mul-
tiple IP addresses configured on the same VLAN (multinetting), and routing
is enabled on the switch, then a single port or trunk can be both the source
and destination of packets moving between subnets in that same VLAN. In this
10-3