|
Chapter 9: Security Configuration Guide9 - 4SSR User Reference ManualConfiguring Layer-2 Port-to-Address Lock FiltersPort address lock filters allow you to bind or “lock” specific source MAC addresses toa port or set of ports. Once a port is locked, only the specified source MAC address isallowed to connect to the locked port and the specified source MAC address is notallowed to connect to any other ports.To configure Layer-2 port address lock filters, enter the following commands inConfigure mode:Configuring Layer-2 Static Entry FiltersStatic entry filters allow or force traffic to go to a set of destination ports based on aframe's source MAC address, destination MAC address, or both source and destinationMAC addresses in flow bridging mode. Static entries are always configured and ap-plied at the input port. You can set the following static entry filters:• Source static entry, which specifies that any frame coming from source MACaddress will be allowed or disallowed to go to a set of ports• Destination static entry, which specifies that any frame destined to a specific desti-nation MAC address will be allowed, disallowed, or forced to go to a set of ports• Flow static entry, which specifies that any frame coming from a specific sourceMAC address that is destined to specific destination MAC address will be allowed,disallowed, or forced to go to a set of portsTo configure Layer-2 static entry filters, enter the following commands in Configuremode:Configure a port address lock filter. filters add port-address-lock namesource-mac vlan in-port-listConfigure a source static entry filter. filters add static-entry namerestriction allow|disallow|force source-mac vlan in-port-list out-port-listConfigure a destination static entry fil-ter. filters add static-entry namerestriction allow|disallow|force dest-mac vlan in-port-listout-port-list
PreviousNext |