Configuring a source-port traffic filter
Syntax
[no] [source-port<port-number|trunk-name>]
If multiple VLANs are configured, the source-port and the destination ports must be in the same VLAN unless routing is enabled. Similarly, if a VLAN containing both the source and destination is a multinet where either the source or destination port, or both, are on the same subnet.
Syntax
[drop] <destination-port-list>[forward <port-list>]
Configures the filter to drop traffic for the
ports and trunks in the designated <destination-port-list>
.
Can be followed by forward
<destination-port-list>
if
you have other destination ports set to drop
that
you want to change to forward
. If no drop or forward
action is specified, the switch automatically creates a filter with
a forward
action from the designated source port
(or trunk) to all destination ports (or trunks) on the switch.
Syntax
[forward]<port-list>
Configures the filter to forward traffic for
the ports and/ or trunks in the designated <destination-port-list>
.
Because forward
is the default state for destinations
in a filter, this command is useful when destinations in an existing
filter are configured for drop
and you want to change
them to forward
. Can be followed by drop
<destination-port-list>
if
you have other destination ports set to forward
that
you want to change to drop
. If no drop or forward
action is specified, the switch automatically creates a filter with
a forward action from the designated source port (or trunk) to all
destination ports (or trunks) on the switch.
Example
For example, assume that you want to create a source-port filter that drops all traffic received on port 5 with a destination of port trunk 1 (Trk1) and any port in the range of port 10 to port 15. To create this filter you would execute this command:
switch(config)# filter source-port 5 drop trk1,10-15
Later, suppose you wanted to shift the destination port range for this filter up by two ports; that is, to have the filter drop all traffic received on port 5 with a destination of any port in the range of port 12 to port 17. (The Trk1 destination is already configured in the filter and can remain as-is.)With one command you can restore forwarding to ports 10 and 11 while adding ports 16 and 17 to the "drop" list:
switch(config)# filter source-port 5 forward 10-11 drop 16-17