Defining and configuring named source-port filters

The named source-port filter command operates from the global configuration level.
Syntax: [no] filter source-port named-filter <filter-name>

Defines or deletes a named source-port filter. The <filter-name> may contain a maximum of 20 alphanumeric characters (longer names may be specified, but they are not displayed). A filter-name cannot be a valid port or port trunk name. The maximum number of named source-port filters that can be used is equal to the number of ports on a switch. A named source-port filter can only be removed if it is not in use (use the show filter source-port command to check the status). Named source-port filters are not automatically deleted when they are no longer used. Use the no option to delete an unused named source-port filter.
Syntax: filter source-port named-filter <filter-name> drop <destination-port-list>

Configures the named source-port filter to drop traffic having a destination on the ports and port trunks in the <destination-port-list>. Can be followed by the forward option if you have other destination ports or port trunks previously set to drop that you want to change to forward. For example:

filter source-port named-filter <filter-name> drop <destination-port-list> forward <destination-port-list>

The destination-port-list may contain ports, port trunks, and ranges (for example 3-7 or trk4-trk9) separated by commas.
Syntax: filter source-port named-filter <filter-name> forward <destination-port-list>

Configures the named source-port filter to forward traffic having a destination on the ports and port trunks in the <destination-port-list>. Since "forward" is the default state for destinations in a filter, this command is useful when destinations in an existing filter are configured for "drop" and you want to change them to "forward". Can be followed by the drop option if you have other destination ports set to forward that you want to change to drop. For example:

filter source-port named-filter <filter-name> forward <destination-port-list> drop <destination-port-list>
Define two named source-port filters, web-only and accounting:

switch(config)# filter source-port named-filter webonly
switch(config)# filter source-port named-filter accounting

By default, these two named source-port filters forward traffic to all ports and port trunks. Traffic is dropped only when the drop option is used. For example, on a 26-port switch, to configure the named source-port filter web-only to drop any traffic except that for destination ports 1 and 2, the following command would be used:

switch(config)# filter source-port named-filter webonly drop 3-26

A named source-port filter can be defined and configured in a single command by adding the drop option, followed by the required destination-port-list.
Example
While named source-port filters may be defined and configured in two steps, this is not necessary. Here we define and configure each of the named source-port filters for our example network in a single step.
Once the named source-port filters have been defined and configured we now apply them to the switch ports.
The show filter command shows what ports have filters applied.
Using the IDX value in the show filter command, we can see how traffic is filtered on a specific port (Value). The two outputs below show a non-accounting and an accounting switch port.
The same command, using IDX 26, shows how traffic from the Internet is handled.
As the company grows, more resources are required in accounting. Two additional accounting workstations are added and attached to ports 12 and 13. A second server is added attached to port 8.
The following revisions to the named source-port filter definitions maintain the desired network traffic management, as shown in the Action column of the show command.
We next apply the updated named source-port filters to the appropriate switch ports. As a port can only have one source-port filter (named or not named), before applying the new named source-port filters we first remove the existing source-port filters on the port.
The named source-port filters now manage traffic on the switch ports as shown below, using the show filter source-port command.
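The rules this section states (destinations default to forward, drop and forward lists override that, a port carries at most one source-port filter, and a named filter can be deleted only when no port uses it) can be checked against a small model before touching a switch. The following is an added example written for this page, not ProCurve code; the Switch class, parse_port_list helper and the source port 5 used in the demo are assumptions, and the web-only case reproduces the 26-port example above.

```python
import re
def parse_port_list(spec, num_ports):
    """Expand a <destination-port-list> such as '1,3-7,trk4-trk9' into names."""
    dests = set()
    for item in spec.split(","):
        m = re.fullmatch(r"(trk)?(\d+)(?:-(trk)?(\d+))?", item.strip())
        if not m:
            raise ValueError(f"bad destination entry: {item!r}")
        prefix, lo = m.group(1) or "", int(m.group(2))
        hi = int(m.group(4)) if m.group(4) else lo
        if not prefix and not 1 <= lo <= hi <= num_ports:
            raise ValueError(f"port out of range: {item!r}")
        dests.update(f"{prefix}{n}" for n in range(lo, hi + 1))
    return dests
class Switch:  # hypothetical model of named source-port filter state
    def __init__(self, num_ports):
        self.num_ports = num_ports
        self.filters = {}      # name -> {destination: "drop"}; forward is implicit
        self.port_filter = {}  # source port -> applied filter name (one per port)
    def define(self, name):  # filter source-port named-filter <name>
        if re.fullmatch(r"(trk)?\d+", name):
            raise ValueError("name cannot be a valid port or trunk name")
        if name not in self.filters and len(self.filters) >= self.num_ports:
            raise ValueError("maximum number of named filters reached")
        self.filters.setdefault(name, {})
    def set_action(self, name, action, dest_spec):  # ... <name> drop|forward <list>
        self.define(name)  # define and configure in a single step
        for dest in parse_port_list(dest_spec, self.num_ports):
            if action == "drop":
                self.filters[name][dest] = "drop"
            else:
                self.filters[name].pop(dest, None)  # forward is the default state
    def action(self, name, dest):
        return self.filters[name].get(dest, "forward")
    def apply(self, port, name):  # a port can carry only one source-port filter
        if port in self.port_filter:
            raise ValueError(f"port {port} already has a filter; remove it first")
        self.port_filter[port] = name
    def remove_from_port(self, port):
        self.port_filter.pop(port, None)
    def delete(self, name):  # no filter source-port named-filter <name>
        if name in self.port_filter.values():
            raise ValueError(f"filter {name!r} is still in use")
        del self.filters[name]
def web_only_demo():
    """The page's 26-port case: web-only drops all but destination ports 1 and 2."""
    sw = Switch(26)
    sw.set_action("web-only", "drop", "3-26")
    sw.apply(5, "web-only")  # port 5 is an assumed source port for the demo
    return sw
```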