Filter
Top Products
SmartSwitch Router User Reference Manual 165
Chapter 10: Security Configuration Guide
Configuring Layer-2 Address Filters
If you want to control access to a source or destination on a per-MAC address basis, you
can configure an address filter. Address filters are always configured and applied to the
input port. You can set address filters on the following:
• A source MAC address, which filters out any frame coming from a specific source
MAC address.
• A destination MAC address, which filters out any frame destined to specific
destination MAC address.
• A flow, which filters out any frame coming from a specific source MAC address that is
also destined to a specific destination MAC address.
To configure Layer-2 address filters, enter the following commands in Configure mode:
Configuring Layer-2 Port-to-Address Lock Filters
Port address lock filters allow you to bind or “lock” specific source MAC addresses to a
port or set of ports. Once a port is locked, only the specified source MAC address is
allowed to connect to the locked port and the specified source MAC address is not
allowed to connect to any other ports.
To configure Layer-2 port address lock filters, enter the following commands in Configure
mode:
Configure a source MAC based
address filter.
filters add address-filter name
<name>
source-mac
<MACaddr>
vlan
<VLAN-
num>
in-port-list
<port-list>
Configure a destination MAC based
address filter.
filters add address-filter name
<name>
dest-mac
<MACaddr>
vlan
<VLAN-
num>
in-port-list
<port-list>
Configure a Layer-2 flow address
filter.
filters add address-filter name
<name>
source-mac
<MACaddr>
dest-mac
<MACaddr>
vlan
<VLAN-num>
in-
port-list
<port-list>
Configure a port address lock filter.
filters add port-address-lock name
<name>
source-mac
<MACaddr>
vlan
<VLAN-num>
in-port-list
<port-list>