Access Security Guide K/KA/KB.15.15

configure to drop traffic. (Destination ports that comprise a trunk are listed collectively by the
trunk name, such as Trk1, instead of by individual port name.)
Packets allowed for forwarding by a source-port filter are subject to the same operation as
inbound packets on a port that is not configured for source-port filtering.
With multiple IP addresses configured on a VLAN, and routing enabled on the switch, a single
port or trunk can be both the source and destination of packets moving between subnets in
that same VLAN. In this case, you can prevent the traffic of one subnet from being routed to
another subnet of the same port by configuring the port or trunk as both the source and
destination for traffic to drop.
Example 21
If you want to prevent server “A” from receiving traffic sent by workstation “X”, but do not want
to prevent any other servers or end nodes from receiving traffic from workstation “X”, you would
configure a filter to drop traffic from port 5 to port 7. The resulting filter would drop traffic from
port 5 to port 7, but would forward all other traffic from any source port to any destination port.
(See Figure 330 (page 452) and Figure 331 (page 452).)
Figure 330 Filter blocking traffic only from Port 5 to Server A
Figure 331 Filter for the actions shown in Figure 330
Name source-port filters
You can specify named source-port filters that may be used on multiple ports and port trunks. A
port or port trunk can only have one source-port filter, but by using this capability you can define
a source-port filter once and apply it to multiple ports and port trunks. This can make it easier to
configure and manage source-port filters on your switch. The commands to define, configure,
apply, and display the status of named source-port filters are described below.
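The drop/forward behavior described above (the port 5 to port 7 example, trunk members addressed by trunk name, a port acting as both source and destination, and one named filter applied to several ports) is modelled below in Python. This is an added example, not code from the guide or the switch; the class, the filter names, and the port layout are constructed, and rejecting a second filter on a port is an assumption of the model.

```python
class SourcePortFilters:
    """Forward/drop decisions for named source-port filters (illustrative model)."""

    def __init__(self, ports, trunks=None):
        # trunks maps a trunk name to its member ports; members are addressed
        # collectively by the trunk name, never individually.
        self.member_of = {p: t for t, ms in (trunks or {}).items() for p in ms}
        self.units = {self.unit(p) for p in ports}
        self.named = {}    # filter name -> destinations to drop
        self.applied = {}  # source port or trunk -> filter name (at most one)

    def unit(self, port):
        return self.member_of.get(port, port)

    def define(self, name, drop):
        drop = {self.unit(d) for d in drop}
        if drop - self.units:
            raise ValueError(f"unknown destination: {sorted(drop - self.units)}")
        self.named[name] = drop

    def apply(self, name, sources):
        if name not in self.named:
            raise KeyError(name)
        for src in map(self.unit, sources):
            # Assumption of this model: a second, different filter is rejected.
            if self.applied.get(src, name) != name:
                raise ValueError(f"{src} already has filter {self.applied[src]}")
            self.applied[src] = name

    def action(self, src, dst):
        name = self.applied.get(self.unit(src))
        dropped = self.named[name] if name else set()
        return "drop" if self.unit(dst) in dropped else "forward"


def build_example():
    # Constructed topology: ports 1-10, with 9 and 10 trunked as Trk1.
    sw = SourcePortFilters([str(n) for n in range(1, 11)], {"Trk1": ["9", "10"]})
    sw.define("no-server-a", drop=["7"])   # workstation X on 5, server A on 7
    sw.apply("no-server-a", ["5"])
    sw.define("no-uplink", drop=["Trk1"])  # trunk named as a whole
    sw.apply("no-uplink", ["1", "2"])      # one definition, two source ports
    sw.define("no-hairpin", drop=["6"])    # same port as source and destination
    sw.apply("no-hairpin", ["6"])
    return sw


if __name__ == "__main__":
    sw = build_example()
    for src, dst in [("5", "7"), ("5", "8"), ("3", "7"), ("2", "10"), ("6", "6")]:
        print(f"{src} -> {dst}: {sw.action(src, dst)}")
```

Any source port without an applied filter forwards to every destination, which is why the port 3 to port 7 case still forwards.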
452 Traffic/Security Features and Monitors