12-21
Traffic/Security Filters and Monitors
Configuring Traffic/Security Filters
For example, suppose you wanted to configure the filters in table 12-3 on a 
switch. (For more on source-port filters, refer to “Configuring a Source-Port 
Traffic Filter” on page 12-17.)
Table 12-3. Filter Example
The following commands configure the filters listed above: 
Figure 12-15. Configuring Various Traffic/Security Filters
Filter Indexing
The switch automatically assigns each new filter to the lowest-available index 
(IDX) number. The index numbers are included in the show filter command 
described in the next section and are used with the show filter < index > 
command to display detailed information about a specific filter. 
If there are no filters currently configured, and you create three filters in 
succession, they will have index numbers 1 - 3. However, if you then delete 
the filter using index number “2” and then configure two new filters, the first 
new filter will receive the index number “2” and the second new filter will 
receive the index number "4". This is because the index number “2” was made 
vacant by the earlier deletion, and was therefore the lowest index number 
available for the next new filter. 
Filter Type Filter Value Action Destination Ports
Source-Port Inbound ports: A1, A2* Drop D1-D4
Multicast 010000-123456 Drop C1-C24, D5-D10
Multicast 010000-224466 Drop B1-B4
Protocol Appletalk Drop C12-C18, D1
Protocol ARP Drop D17, D21-D24
*Because the switch allows one inbound port in a source-port filter, the 
requirement to filter ports A1 and A2 means you will configure two 
separate source-port filters.
HP Switch(config)# filter source-port a1 drop e d1-d4
HP Switch(config)# filter source-port a2 drop d1-d4
HP Switch(config)# filter multicast 010000-123456 drop e c1-c24,d5-d10
HP Switch(config)# filter multicast 010000-224466 drop e b1-b4
HP Switch(config)# filter protocol appletalk drop e c12-c18,d1
HP Switch(config)# filter protocol arp drop e d17,d21-d24