Manualshelf

User`s guide

ManualsBrandsCabletron Systems ManualsComputer equipment3E08-04
141142143144145146147148149150
5-2
Filters
5.1 FILTERING AND PERFORMANCE CONSIDERATIONS
When filters are implemented, the ATX must process packets to
determine if they should be filtered. The processing that takes
place on filters can therefore exact a toll on ATX throughput (or
forwarding) performance. Typically, if you are using address table
filters or a small number of combination port filters, they will have
little effect on performance. However, a large number of
combination port filters will reduce the maximum possible
forwarding rate. For this reason, filters that are no longer needed
should be removed.
5.2 USING FILTERS FOR SECURITY PURPOSES
The various types of security restrictions that can be implemented
using ATX filters are summarized below:
Restrict access to a physical segmentA filter can be
configured to prevent any traffic from being forwarded to a
specific network segment. If, for example, a filter is configured
to block all traffic to the port that connects LAN A to the ATX, all
access to LAN A will be restricted.
Restrict access to a host device – Filters can be configured to
restrict access to a host device in a variety of ways. For example,
filters could be configured to impose either of the following
conditions:
Only users assigned security level A can use host computer X.
Users assigned security levels C and D cannot use computer Y.
Restrict end-nodes – Filters may also be used to restrict
individual workstations from accessing other network devices.
For example, filters could be configured to impose either of the
following conditions:
User B1 can only access workstations C2 and C3.
User B1 cannot access workstation C12.