Policies and Filters
December 2005 © Foundry Networks, Inc. C - 7
The following table lists the various types of filters you can configure on Foundry FastIron X-Series devices.
Layer 2 Filters
Layer 2 filters control a Foundry device’s receipt of packets based on MAC address information. Foundry devices
provide the following types of Layer 2 filters:
• MAC address filters
• Address-lock filters
MAC Filters
MAC filters forward or drop incoming packets based on the following information:
• Source MAC address
• Destination MAC address
• Encapsulation type and EtherType (optional)
A packet whose Layer 2 information matches the filter is either permitted (forwarded) or denied (dropped). You
define a MAC filter on the global level, then apply it to an interface. The filter applies only to incoming traffic on the
interface.
NOTE: MAC filters do not block management access to the Foundry device. For example, if you apply a filter to
block a specific host, the filter blocks switch traffic from the host but does not prevent the host from establishing a
management connection to the device through Telnet. To block management access, use an Access Control List
(ACL). See “Software-Based IP Access Control Lists (ACLs)” on page 5-1.
Table C.8: Foundry Filters
Filter Type Supported on... See
page..
.
FESX FSX FWSX
Layer 2 Filters C-7
MAC filters X X X C-7
Address-lock filters X X X C-8
Layer 3 Filters C-9
RIP route filters X X C-10
RIP neighbor filters X X C-11
BGP address filters X X C-12
BGP AS-path filters X X C-13
BGP community filters X X C-14
RIP redistribution filters X X C-15
OSPF redistribution filters X X C-16
BGP redistribution filters X X C-16
To Next Page
Loading...
