Access Security Guide K/KA/KB.15.15

Table 50 Filter types and criteria
Static Filter Type | Selection criteria
Source-port | Inbound traffic from a designated, physical source-port will be forwarded or dropped on a per-port (destination) basis.
Multicast | Inbound traffic having a specified multicast MAC address will be forwarded to outbound ports (the default) or dropped on a per-port (destination) basis.
Protocol | Inbound traffic having the selected frame (protocol) type will be forwarded or dropped on a per-port (destination) basis.
Source-Port Filters
This filter type enables the switch to forward or drop traffic from all end nodes on the indicated
source-port to specific destination ports.
Figure 329 Source-port filter application
Operating Rules for Source-Port Filters
- You can configure one source-port filter for each physical port and port trunk on the switch. (See “Defining and configuring named source-port filters” (page 428).)
- You can include all destination ports and trunks in the switch on a single source-port filter.
- Each source-port filter includes:
  - One source port or port trunk (trk1, trk2, ...trkn)
  - A set of destination ports and/or port trunks that includes all untrunked LAN ports and port trunks on the switch
  - An action (forward or drop) for each destination port or port trunk
- When you create a source-port filter, the switch automatically sets the filter to forward traffic from the designated source to all destinations for which you do not specifically configure a “drop” action. Thus, it is not necessary to configure a source-port filter for traffic you want the switch to forward unless the filter was previously configured to drop the desired traffic.
- When you create a source-port filter, all ports and port trunks (if any) on the switch appear as destinations on the list for that filter, even if routing is disabled and separate VLANs and/or subnets exist. Where traffic would normally be allowed between ports and/or trunks, the switch automatically forwards traffic to the outbound ports and/or trunks you do not specifically
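The operating rules above, modeled as an added example (not code from this guide or from the switch software): one filter per source, every port and trunk listed as a destination, forward unless a drop is configured. The audit shows that a filter only covers traffic entering on its own source port, so isolating two ports in both directions takes a filter on each. The names SourcePortFilters and audit_isolation, the port names and the sample filters are hypothetical, and the model assumes all traffic is otherwise allowed (VLANs are ignored).

```python
# Added example: a model of the source-port filter operating rules.
# Class, function and port names are hypothetical; sample data is constructed.

class SourcePortFilters:
    def __init__(self, ports):
        self.ports = set(ports)   # all untrunked ports and port trunks
        self.filters = {}         # source -> {destination: action}

    def create(self, source, drop=()):
        """Create the single filter allowed for `source`."""
        if source not in self.ports:
            raise ValueError(f"unknown source {source}")
        if source in self.filters:
            raise ValueError(f"{source} already has a source-port filter")
        unknown = set(drop) - self.ports
        if unknown:
            raise ValueError(f"unknown destinations {sorted(unknown)}")
        # Every port and trunk appears as a destination; default is forward.
        self.filters[source] = {
            d: ("drop" if d in drop else "forward") for d in self.ports
        }

    def action(self, source, dest):
        """Action for traffic entering on `source` and leaving on `dest`."""
        # A source with no filter forwards (model assumption: no VLAN limits).
        return self.filters.get(source, {}).get(dest, "forward")


def audit_isolation(switch, pairs):
    """Return each (source, dest) direction still forwarded for port pairs
    that are meant to be isolated from each other in both directions."""
    leaks = []
    for a, b in pairs:
        for src, dst in ((a, b), (b, a)):
            if switch.action(src, dst) != "drop":
                leaks.append((src, dst))
    return leaks


def demo():
    sw = SourcePortFilters(["1", "2", "3", "4", "trk1"])
    sw.create("1", drop=["3", "trk1"])   # port 1 may not send to 3 or trk1
    sw.create("trk1", drop=["1"])        # trk1 may not send to port 1
    # Port 3 has no filter, so traffic from 3 to 1 is still forwarded.
    return sw, audit_isolation(sw, [("1", "3"), ("1", "trk1")])


if __name__ == "__main__":
    print(demo()[1])
```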