
Conference netcad::hub_mgnt

Title: DEChub/HUBwatch/PROBEwatch CONFERENCE
Notice: Firmware -2, Doc -3, Power -4, HW kits -5, firm load -6&7
Moderator: NETCAD::COLELLADT
Created: Wed Nov 13 1991
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 4455
Total number of notes: 16761

1844.0. "Address filter for Closed User Group" by HGODCS::RICHARDLAM () Thu Jan 05 1995 12:48

In the following simplified picture, 

 - Clients 1 and 2 connect to a DECswitch 900EF via a DECrepeater900TM
 - Client3 connects to the DECswitch 900EF directly
 - The two DECswitch 900EFs are connected via FDDI
 - Server1 connects to 900EF directly


       Client3
         |
       900EF *************************** 900EF
         |                                 |
       900TM                             Server1
      /      \            
   Client1  Client2


Can we create any address filters so that only Client1 and Client3 can 
access Server1, but access from Client2 will be blocked? In other words, 
Clients 1 & 3 and Server1 will be a closed user group.

Richard
1844.1. by NETCAD::ANIL Thu Jan 05 1995 17:02 (4 lines)
    Nope. (Not right now anyway - and there are no current plans to do it.
    This function falls into the "virtual lan" category.)
    
    Anil
1844.2. "meaning on source address filters" by HGODCS::RICHARDLAM Fri Jan 06 1995 11:54 (24 lines)
Address filtering is defined as (Ref Note 895.1) :

- Address filtering: you can tell the bridge that an address is "allowed"
  on an arbitrary port or set of ports.  This works both as a source address
  filter (in that a packet with this address as source will only be
  forwarded if it came in on one of the allowed set of ports); and as
  a destination address filter (in that a packet with this address as
  destination will only be forwarded to the allowed set of ports, and
  in particular, only to the port on which the address was learnt if this
  information is available).


From Server1's DECswitch's perspective, packets from Client1 will come in from
port1; i.e., the FDDI port.

If we create a source address filter with Client1's MAC address for the FDDI
port of this DECswitch, will this successfully prevent Client1's packets 
from entering any of the Ethernet ports, including the one that Server1 
connects to? If not, what effect will such a source address filter have?




Richard
1844.3. by NETCAD::ANIL Fri Jan 06 1995 14:28 (15 lines)
> From Server1's DECswitch's perspective, packets from Client1 will come in from
> port1; i.e., the FDDI port.

> If we create a source address filter with Client1's MAC address for the FDDI
> port of this DECswitch, will this successfully prevent Client1's packets 
> from entering any of the Ethernet ports, including the one that Server1 
> connects to? If not, what effect will such a source address filter have?
    
    Sure.. this is what the filtering was designed for.  That is, the switch
    prevents Client1's packets from entering any port other than the one
    it is allowed on.  (Also, it sends packets destined to Client 1 only
    to the FDDI port.)  However I don't see how this would solve your
    problem of creating the closed group.
    
    Anil
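
The filter rule quoted from Note 895.1 in .2 and confirmed in .3, as an added example that is not part of the original notes and not DEC code: a small Python model of the forwarding decision on Server1's DECswitch. The MAC addresses, ports 2 and 3, and the names `forward` and `demo` are assumptions made for the illustration; only "port 1 is the FDDI port" comes from the thread.

```python
# Added illustration: models only the filter rule as worded in the note,
# not the DECswitch 900EF implementation. Addresses and ports 2/3 are constructed.
FDDI, SERVER_PORT, SPARE_PORT = 1, 2, 3
ALL_PORTS = {FDDI, SERVER_PORT, SPARE_PORT}

CLIENT1 = "08-00-2B-00-00-01"
CLIENT2 = "08-00-2B-00-00-02"
SERVER1 = "08-00-2B-00-00-10"


def forward(src, dst, in_port, allowed, learned):
    """Return the set of ports a frame is forwarded to (empty set = dropped).

    allowed: address -> set of ports the address is "allowed" on
    learned: address -> port on which the bridge learnt the address
    """
    # Source side: a filtered address is only accepted on its allowed ports.
    if src in allowed and in_port not in allowed[src]:
        return set()
    # Normal bridging: known destination -> learnt port, unknown -> flood.
    out = {learned[dst]} if dst in learned else set(ALL_PORTS)
    # Destination side: only deliver a filtered address to its allowed ports.
    if dst in allowed:
        out &= allowed[dst]
    # A bridge never sends a frame back out the port it arrived on.
    return out - {in_port}


def demo():
    allowed = {CLIENT1: {FDDI}}  # the filter asked about in .2
    learned = {SERVER1: SERVER_PORT, CLIENT1: FDDI, CLIENT2: FDDI}
    return {
        "client1_via_fddi": forward(CLIENT1, SERVER1, FDDI, allowed, learned),
        "client1_src_on_ethernet": forward(CLIENT1, SERVER1, SPARE_PORT, allowed, learned),
        "reply_to_client1": forward(SERVER1, CLIENT1, SERVER_PORT, allowed, learned),
        # Client2 has no filter entry and also arrives over FDDI, so it is bridged.
        "client2_via_fddi": forward(CLIENT2, SERVER1, FDDI, allowed, learned),
    }


if __name__ == "__main__":
    for case, ports in demo().items():
        print(f"{case:26} -> {sorted(ports) or 'dropped'}")
```

In this model the filter is keyed on a single address and its port set, so Client2's frames, which have no filter entry, still reach Server1's port.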
1844.4. "Sorry" by HGODCS::RICHARDLAM Sat Jan 07 1995 06:08 (11 lines)
Hi Anil,

"Closed user group" are just the words from my customer's mouth. Of course they 
mean different things to different people. Sorry for the confusion, and I thank
you for the caution. I'll take these words away from .0. 



Richard