Filter
Top Products
Advanced Configuration and Management Guide
Define Additional Zone Filters
When defining AppleTalk zone filters, you must define both deny and permit relationships for an interface. For
instance, in the previous example, a deny filter prevents users within Marketing and Field Service zones from
accessing the Finance zone.
Because all additional zones not specifically addressed by a deny filter are permitted by default, you do not need
to configure any specific permit definitions, and the requirement of defining both deny and permit relationships is
satisfied.
However, the additional zone filter is useful in denying access to those zones not specifically addressed in permit
zone filters. Consider the following example.
EXAMPLE:
Suppose Sales, Human Resources (HR), Engineering, and Training zones will be added to the network in the next
month. You know in advance that the only other zone that will be allowed access to the Finance zone is the HR
zone.
You can configure permit zone filters (Figure 15.2) for ports 4/10 and 4/14 that allow the HR zone to have access
to the finance zone and deny access to all others with a deny additional zone filter (Figure 15.2). This approach
addresses the current network and all future zone additions with no additional configuration.
USING THE CLI
To define the permit filter for HR on ports 4/10 and 4/14, enter the following commands:
HP9300(config)# interface e 4/10
HP9300(config-if-4/10)# no appletalk routing
HP9300(config-if-4/10)# appletalk permit zone HR
HP9300(config-if-4/10)# deny additional-zones
HP9300(config-if-4/10)# appletalk routing
HP9300(config-if-4/10)# int e 4/14
HP9300(config-if-4/14)# no appletalk routing
HP9300(config-if-4/14)# appletalk permit zone HR
HP9300(config-if-4/14)# appletalk routing
HP9300(config-if-4/14)# write memory
NOTE: You must disable AppleTalk routing on any interface already operating with AppleTalk before making any
modifications to the configuration, and then re-enable routing to activate the change.
USING THE WEB MANAGEMENT INTERFACE
To define the permit and deny filters discussed above:
1. Log on to the device using a valid user name and password for read-write access. The System configuration
dialog is displayed.
2. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
3. Click on the plus sign next to AppleTalk in the tree view to expand the list of AppleTalk option links.
4. Click on the Zone Filter
link.
• If the device does not have any AppleTalk zone filters, the AppleTalk Zone Filter configuration panel is
displayed.
• If an AppleTalk zone filter is already configured and you are adding a new one, click on the Configure
AppleTalk Zone Filter link to display the AppleTalk Zone Filter configuration panel.
• If you are modifying an existing AppleTalk zone filter, click on the Modify button to the right of the row
describing the filter to display the AppleTalk Zone Filter configuration panel.
15 - 12