
9-4
Traffic/Security Filters and Monitors
Filter Types and Operation
Source-Port Filters
This filter type enables the switch to forward or drop traffic from all end nodes
on the indicated source-port to specific destination ports.
Figure 9-1. Example of a Source-Port Filter Application
Operating Rules for Source-Port Filters
■ You can configure one source-port filter for each physical port and
port trunk on the switch. (Refer to the filter command on page 9-16.)
■ You can include all destination ports and trunks in the switch on a
single source-port filter.
■ Each source-port filter includes:
• One source port or port trunk (trk1, trk2, ...trkn)
• A set of destination ports and/or port trunks that includes all
untrunked LAN ports and port trunks on the switch
• An action (forward or drop) for each destination port or port trunk
When you create a source-port filter, the switch automatically sets the
filter to forward traffic from the designated source to all destinations for
which you do not specifically configure a “drop” action. Thus, it is not
necessary to configure a source-port filter for traffic you want the switch
to forward unless the filter was previously configured to drop the desired
traffic.
[Diagram for Figure 9-1: End Nodes “A”, “B”, and “C” and a hub on Port 1 of a Switch 6120 configured for source-port filtering; the server on Port 2.]
Configuring a source-port filter to drop traffic received on port 1 with an outbound destination of port
2 means that End Nodes A, B, and C cannot send traffic to the server. To block traffic in the opposite
direction, you would also configure a source-port filter to drop traffic received on port 2 with an
outbound destination of port 1.
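The rules above can be checked with a small model. The following is an added example, not code from this manual and not switch CLI. It models one filter per source port with forward as the default, then lists drops that are blocked in one direction only. The class and function names are hypothetical, and ports "3" and "trk1" are constructed to fill out the port list.

```python
FORWARD, DROP = "forward", "drop"


class SourcePortFilters:
    """Model of the operating rules: one filter per source port or trunk."""

    def __init__(self, ports):
        self.ports = set(ports)   # all untrunked ports and trunks on the switch
        self.filters = {}         # source port -> {destination: action}

    def set_filter(self, source, drop=(), forward=()):
        """Create or update the single filter allowed for `source`."""
        unknown = ({source} | set(drop) | set(forward)) - self.ports
        if unknown:
            raise ValueError(f"unknown port(s): {sorted(unknown)}")
        # A new filter forwards to every destination until told to drop.
        actions = self.filters.setdefault(
            source, {p: FORWARD for p in self.ports})
        for dest in drop:
            actions[dest] = DROP
        for dest in forward:
            actions[dest] = FORWARD

    def action(self, source, dest):
        """Action for traffic received on `source` and bound for `dest`."""
        # No filter on the source port means the traffic is forwarded.
        return self.filters.get(source, {}).get(dest, FORWARD)

    def one_way_drops(self):
        """Pairs (a, b) where a->b is dropped but b->a is still forwarded."""
        return sorted(
            (src, dst)
            for src, actions in self.filters.items()
            for dst, act in actions.items()
            if act == DROP and self.action(dst, src) == FORWARD)


def figure_9_1():
    """Figure 9-1 case: port "1" is the hub side, port "2" is the server."""
    sw = SourcePortFilters(["1", "2", "3", "trk1"])  # "3", "trk1" constructed
    sw.set_filter("1", drop=["2"])
    return sw


if __name__ == "__main__":
    sw = figure_9_1()
    print("one-way drops:", sw.one_way_drops())
    sw.set_filter("2", drop=["1"])   # second filter blocks the reverse path
    print("after reverse filter:", sw.one_way_drops())
```

A non-empty result from `one_way_drops()` marks port pairs where only one direction is filtered, which is the situation the figure text describes before the second filter is added.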