User`s guide
Filters
5-25
Example 3 — Restricting access to authorized users
The example, shown in Figure 5-3, is very similar to the previous
example. The difference is that access to stations F, G, and H will
not be denied to all LAN 1 users. Instead, only authorized users on
LAN 1 will be able to access the sensitive-data computers, stations
F, G, and H on LAN 2.
Figure 5-3. Using Filters To Restrict Access To Authorized Users
A combination port filter is configured that will allow data packets
to be sent to the restricted computers (F, G, and H) only if the
packet's source address is the address of an authorized user
(station B, C, or D). The combination port filter's components are:
• Source addresses (of authorized users)
• Destination addresses (which identify packets directed to any of
the restricted computers)
• No match flags for both of the above components
The filter is configured as follows:
• Source address field: B, C, or D (LAN 1), no match
• Destination address field: F, G, and H (LAN 2), no match
The No match flag is used in both fields to instruct the ATX to filter
POWER STATUS
ENGINE STATUS
TURBO STATUS
SUPPLY A
SUPPLY B
1.6 Gbps
RESET
PACKET PROCESSING ENGINE
NMS PORT
POWER
FastNET ATX
TM
OFFLINE
PROC
PWR
OCTAL IEEE 802.3 / ETHERNET 10BASE-T
3X 4X 5X 6X 7X 8X2X1X
SEGMENT
LINK
ACT
COL
12345678
OFFLINE
RING 1
RX ST
RING 2
RX ST
RING 3
RX ST
RING 4
RX ST PROC
TX 16 TX 16 TX 16 TX 16 PWR
QUAD IEEE 802.5 TOKEN RING (UTP)
OFFLINE
RX
LK
TX
QUAD FAST ETHERNET / 802.3 100BASE-FX
TX RX
SEGMENT 4SEGMENT 3SEGMENT 2 SEGMENT 1
RX
LK
TX
RX
LK
TX
RX
LK
TX
PROC
PWR
TX RX TX RX TX RX
OFFLINE
TX PWR
INTELLIGENT FDDI
RING A
RING B
THRU
WRAP
RX
PROC
FDDI MIC A FDDI MIC BOPTICAL BYPASS
MULTI-MODE MULTI-MODE
OFFLINE
PROCRX
TX
PWR
QUAD IEEE 802.3 / ETHERNET 10BASE2
SEGMENT 4SEGMENT 3SEGMENT 2 SEGMENT 1
RX
TX
RX
TX
RX
TX
OFFLINE
PROCRX
TX
PWR
QUAD IEEE 802.3 / ETHERNET 10BASE2
SEGMENT 4SEGMENT 3SEGMENT 2 SEGMENT 1
RX
TX
RX
TX
RX
TX
ATX
LAN 1 LAN 2
Authorized Users Restricted
computers
A B C D E F G H