Configuring a source-port traffic filter
Syntax:
filter [source-port <port-number|trunk-name>]
no filter [source-port <port-number|trunk-name>]
no
form of the command deletes the source-port filter for <port-number> and returns the destination ports for that filter to the Forward action. (Default: Forward on all ports.)
If multiple VLANs are configured, the source-port and the destination port(s) must be in the same VLAN unless routing is enabled. Similarly, if a VLAN containing both the source and destination is multinetted, the source and destination ports and/or trunks must be in the same subnet unless routing is enabled.
Syntax:
[drop] <destination-port-list> [forward <port-list>]
Configures the filter to drop traffic for the ports and/or trunks in the designated
<destination-port-list>
. Can be followed by
forward
<destination-port-list>
if you have other destination ports set to
drop
that you want to change to
forward
. If no drop or forward action is specified, the switch automatically creates a filter with a
forward
action from the designated source port (or trunk) to all destination ports (or trunks) on the switch.
Syntax:
[forward] <port-list>
Configures the filter to forward traffic for the ports and/ or trunks in the designated
<destination-port-list>
. Because
forward
is the default state for destinations in a filter, this command is useful when destinations in an existing filter are configured for
drop
and you want to change them to
forward
. Can be followed by
drop
<destination-port-list>
if you have other destination ports set to
forward
that you want to change to
drop
. If no drop or forward action is specified, the switch automatically creates a filter with a forward action from the designated source port (or trunk) to all destination ports (or trunks) on the switch.
Example:
For example, assume that you want to create a source-port filter that drops all traffic received on port 5 with a destination of port trunk 1 (Trk1) and any port in the range of port 10 to port 15. To create this filter you would execute this command:
switch(config)# filter source-port 5 drop trk1,10-15
Later, suppose you wanted to shift the destination port range for this filter up by two ports; that is, to have the filter drop all traffic received on port 5 with a destination of any port in the range of port 12 to port 17. (The Trk1 destination is already configured in the filter and can remain as-is.)With one command you can restore forwarding to ports 10 and 11 while adding ports 16 and 17 to the "drop" list:
switch(config)# filter source-port 5 forward 10-11 drop 16-17