3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
124 CHAPTER 8: TRANSPARENT FIREWALL
Figure 26 Forwarding after successful lookup on address table
Note that the transparent firewall forwards to other interfaces the broadcast and
multicast frames received on an interface or drop them.
No forwarding (filtering) after successful lookup on address table
When station A sends an Ethernet frame to station B, the transparent firewall
filters out and does not forward the frame since stations A and B are in the same
network segment.
Figure 27 No forwarding after successful lookup on address table
Forwarding after failed lookup on address table
If no mapping entry for station C MAC address is found in the MAC address table
after station A sends an Ethernet frame to station C, the transparent firewall
forwards the frame to all other interfaces except the source interfaces. In this case,
Workstation A
00 e 0 . fca a . a aa a
Workstation B
00 e 0 . fcbb . bbbb
Workstation C
Workstation D
00 e 0 . fcdd . dddd 00 e 0 . fccc . cccc
Interface 1
Interface 2
Ethernet segment 1
Ethernet segment 2
MAC address
Port
00 e 0 . fcaa . aaaa
1
00 e 0 . fcbb . bbbb
1
00 e 0 . fccc . cccc
2
00 e 0 . fcdd . dddd
2
Address table
00 e 0 . fcaa . aaaa 00 e 0 . fccc . cccc
Source
Destination
00 e 0 . fccc . cccc 00 e 0 . fcaa . aaaa
Source Destination
Forward
Switch 8800
Workstation A
00e0.fcaa.aaaa
Workstation B
00e0.fcbb.bbbb
Workstation C
Workstation D
00e0.fcdd.dddd 00e0.fccc.cccc
Inter f ac e 1
Inter f ac e 2
Ethernet segment 1
Ethernet segment 2
MAC address Po r t
00e0.fcaa.aaaa 1
00e0.fcbb.bbbb 1
00e0.fccc.cccc 2
00e0.fcdd.dddd 2
Address table
00e0.fcaa.aaaa 00e0.fcbb.bbbb
Source
Destination
Do not
forward
Switch 8800