User`s guide
5-1
CHAPTER 5
FILTERS
One of the most significant features of the ATX is its powerful user-
configurable filtering capabilities. Flexible filtering is useful for
implementing security measures and improving network
performance. For some applications, filtering capabilities may be
so important that they are the primary reason for using a bridge.
A filter is an instruction to the ATX to screen packets based on the
criteria you select. All bridges by nature filter packets; they discard
local traffic. Local traffic is defined as packets that are destined for
the same network from which they came.
In addition to the basic bridge function of filtering local traffic, the
ATX allows you to implement two types of filters that are useful
for managing and administering networks:
• Address table filters, which use the Bridge Address Table to
screen local traffic.
• Combination port filters, which apply filters to or from a specific
port segment.
Filters should be used judiciously, because they may degrade
network performance. (See Filtering and Performance
Considerations below.)
The ATX can be configured to selectively filter network traffic
based on source or destination address, entry or exit port, type of
packet or a custom mask applied anywhere in the data packet. An
entry port is defined as a pre-processing filter; the filter condition is
satisfied first and then a bridging decision is made. An exit filter is
defined as a post-processing filter; the ATX makes a bridging
decision and then acts on the filter. Based on selection parameters
you define, the ATX identifies data packets that are to be filtered
and discards them.
The following sections describe the ATX’s enhanced filtering
capabilities. “Adding a filter” describes how to set up a filter.