HP (Hewlett-Packard) 2650 (J4899A/B) Switch User Manual


 
10-5
Traffic/Security Filters (ProCurve Series 2600/2600-PWR and 2800 Switches)
Using Source-Port Filters
Configuring a Source-Port Filter
The source-port filter command operates from the global configuration level.
Example of Creating a Source-Port Filter. For example, assume that
you want to create a source-port filter that drops all traffic received on port 5
with a destination of port trunk 1 (Trk1) and any port in the range of port 10
to port 15. To create this filter you would execute this command:
ProCurve(config)# filter source-port 5 drop trk1,10-15
Later, suppose you wanted to shift the destination port range for this filter up
by two ports; that is, to have the filter drop all traffic received on port 5 with
a destination of any port in the range of port 12 to port 17. (The Trk1 destination
is already configured in the filter and can remain as-is.)With one command
you can restore forwarding to ports 10 and 11 while adding ports 16 and 17 to
the "drop" list:
ProCurve(config)# filter source-port 5 forward 10-11 drop
16-17
Syntax: [no] filter source-port [e] < source-port-number > [ drop [ forward] | forward [ drop ]]
Creates or deletes the source port filter assigned to < source-port-number >. If
you create a source-port filter without specifying a drop or forward action,
the switch automatically creates a filter with a forward action from the
designated source to all destinations on the switch.
[ drop [e] < destination-port-list > ]
Configures the filter for the designated source-port (or source-trunk) (<
source-port-number >) to drop traffic for the ports and/or port trunks in the <
destination-port-list >. Can be followed by the forward option if you have
other destination ports set to drop that you want to change to forward. For
example:
filter source-port <source-port-number > drop < destination-port-list > forward
< destination-port-list>
[ forward [e] < destination-port-list > ]
Configures the filter for the designated source (< source-port-number >)
to forward traffic for the destinations in the < destination-port-
list >. Since "forward" is the default state for destinations in a filter,
this command is useful when destinations in an existing filter are
configured for "drop" and you want to change them to "forward". Can
be followed by the drop option if you have other destination ports set
to forward that you want to change to drop. For example:
filter source-port <source-port-number > forward < destination-port-list >
drop < destination-port-list
>