Conference netcad::hub_mgnt

Title: DEChub/HUBwatch/PROBEwatch CONFERENCE
Notice: Firmware -2, Doc -3, Power -4, HW kits -5, firm load -6&7
Moderator: NETCAD::COLELLADT
Created: Wed Nov 13 1991
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 4455
Total number of notes: 16761

2146.0. "setting address filtering" by KERNEL::ANSONR () Tue Mar 28 1995 07:46

    Dear readers hope you can help  <--sounds like a problem page in cosmo.
                                       not that I read it though!!!
    
    
    A cust of mine has a decbridge 900EE in a hub900 and is using hubwatch
    to manage it. He wants to setup address filtering to allow only certain
    addresses across the bridge for security reasons. I take it we would
    have to stop the bridge forwarding function and then... . Does anybody
    know any quick setup steps to achieve this. Hope you don't think I'm
    too lazy by asking setup questions in here!!
    
    many thanks
    
    Rich.

2146.1. "Step 1: Press the HELP button." by SLINK::HOOD (April showers bring vacation days) Tue Mar 28 1995 14:38 (25 lines)

(1) Double-click on the DECswitch 900EF bezel.  This brings up the switch
    summary screen.
(2) In the summary screen press the address filters button.  This brings up
    the address filters screen.  The HELP button at the bottom of the summary
    screen also explains how to get the address filters window.
(3) In the address filters screen, press the "+" button.  This allows you
    to add an address filter.  The HELP button at the bottom of the address
    filters window also explains how to add filters.
(4) In the address pop-up, select MAC or IP or DECnet (some choices may not
    be available depending on your platform) then enter either the MAC /
    IP / DECnet name or address.  Internally, HUBwatch will translate whatever
    you enter into a MAC address.  Now, select (using the arrow buttons)
    whether you want the address to appear on a port or not.  A green arrow
    means not filtered.  A red arrow with a bar means filtered.  If the
    address is multicast, you can also select rate limiting by pressing the
    button in the upper right corner (stopwatch/arrow icon).  The HELP button
    at the bottom of the address pop-up explains what each of these fields
    does.
(5) Finally, hit <OK> at the bottom of the address pop-up.

You are now filtering that address from the selected ports.  The HELP function
explains how each step works in detail.

Tom Hood
HUBwatch

2146.2. "Sorry for being thick!!" by KERNEL::ANSONR () Wed Mar 29 1995 15:53 (7 lines)

    Thanks Tom for the info.,
    
    But (forgive me if I'm being thick) wouldn't this still allow all
    addresses to be forwarded across the bridge - as we have not specified
    that all other addresses should not be allowed across.
    
    Rich

2146.3. "Put specific ports in manual mode...." by NETCAD::BATTERSBY () Wed Mar 29 1995 16:50 (10 lines)

    >But (forgive me if I'm being thick) wouldn't this still allow all
    >addresses to be forwarded across the bridge - as we have not specified
    >that all other addresses should not be allowed across.
        
    Well, if that's what you are trying to do, I think you can set
    the bridge to "manual mode", or individual ports to manual mode.
    This clears the forwarding table of the specific ports you put into
    manual mode. Then you can do as Tom suggested, I believe.
    
    Bob

2146.4. "And for Manual Mode, do this AFTER PRESSING THE HELP BUTTON." by SLINK::HOOD (April showers bring vacation days) Wed Mar 29 1995 22:17 (108 lines)

(1) Double-click on the DECswitch 900EF bezel.  This brings up the switch
    summary screen.
(2) In the summary screen press the address filters button.  This brings up
    the address filters screen.  The HELP button at the bottom of the summary
    screen also explains how to get the address filters window.
(3) In the address filters screen, look at the section labelled "Unspecified
    Filter Defaults" and "Manual Mode" (same box, two labels)
(4) A green arrow per port means all unspecified addresses can be forwarded.  
    A red arrow means all unspecified addresses will not pass onto or from
    port.
(5) By default, all "Unspecified Filter Defaults" are set to green (can be
    forwarded on this port).  If you make a port's arrow red, only the 
    addresses you specify in the middle of the window can pass.
(6) Same rules apply about pressing the <HELP> button.  (see below)
(7) Don't forget to press the <HELP> button.  (see below)
(8) The <HELP> button may provide more information.   (see below)

----------------------------------------------------

Here's what HELP says from the Address Filters window:
(Motif Bookreader version;  Windows version has some minor differences)


  Address Filtering Window

  Open the window to display the following types of
  information:


  Information                           Description

  Identification               Descriptive information about the module

  Filtering Information        Address filtering information

  Filters list box             The filters defined for specific addresses

  Default Address Filter       The default filter for all addresses that do 
                                    not have specified filters

----------------------------------------------------
(It also goes on to describe the other buttons in the window)
Clicking on "Default Address Filter" produces the following HELP:

  Manual Mode

  The filter port mask for all unspecified addresses allows you
  to create a filter that applies to all addresses for which you
  have not created a specific filter on a port. For example, by
  stipulating that port 2 will filter messages with all
  unspecified addresses, you can ensure that all messages except those
  with the address you specify for port 2 in the Filter table will
  be filtered on port 2.

  This feature is also called manual mode because it allows
  you to turn off learning on a module port. Using this feature,
  you can manually configure the module as a secure gateway,
  to restrict the traffic flow to trusted stations.

  For more information on creating a filter for all unspecified
  addresses, double click here.
----------------------------------------------------
Clicking on "click here" produces the following HELP:

  Creating a Default Filter for All Unspecified Addresses

  The Bridge Address Filtering window includes a filter port
  mask for all unspecified addresses. This mask allows you to
  create a filter that will apply to all addresses for which you
  have not created a specific filter. For example, by stipulating
  that port 2 will filter messages with all unspecified addresses,
  you can ensure that all messages except those with the
  address you specify for port 2 in the Filter list box will be filtered
  on port 2.

  This feature is also called manual mode because it allows
  you to turn off learning on a module port. Using this feature,
  you can manually configure the module as a secure gateway,
  to restrict the traffic flow to trusted stations.

  Initially, the filter port mask for all unspecified addresses
  shows no ports filtered.

  To specify a filter for all unspecified addresses:

   1. From the Hub Front Panel window, double click on the module.

   2. Click on the Address Filtering window push button in the
      More Information box.

      <picture of Adrs Filter          Address Filtering window push button
       button icon here>

      The Bridge Address Filtering window appears

   3. Click on the arrows in the All Unspecified Addresses
      filter mask until the arrows indicate the default filter mask
      you want. A green arrow under a port number indicates
      that messages are not filtered on the port. A red arrow
      tipped with a black horizontal bar indicates that messages
      are filtered on the port.

   4. Click on Apply to apply the change or OK to apply the
      change and dismiss the window.


Tom Hood
HUBwatch
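
Added example (not part of the original notes and not HUBwatch code): a small Python model of the semantics described in replies .1 through .4, showing why a per-address filter alone leaves unknown addresses forwarded and how the unspecified-address default ("manual mode") turns the list into an allowlist. The class, function names and MAC addresses are hypothetical and constructed for illustration.

```python
# Model of the filter semantics described in this thread; names are hypothetical.
from dataclasses import dataclass, field

def norm_mac(mac: str) -> str:
    """Normalize 08-00-2B-... or 08:00:2b:... to lowercase colon form."""
    digits = mac.replace("-", "").replace(":", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass
class BridgeFilters:
    ports: tuple
    # Per-address port mask: {mac: {port: True if filtered (red arrow)}}
    specific: dict = field(default_factory=dict)
    # "Unspecified Filter Defaults": {port: True if filtered}; initially none.
    default_filtered: dict = field(default_factory=dict)

    def add_filter(self, mac, filtered_ports=()):
        """Add a specific filter; ports not listed stay green (not filtered)."""
        self.specific[norm_mac(mac)] = {p: p in filtered_ports for p in self.ports}

    def is_filtered(self, mac, port):
        """Specific filter wins; otherwise the port's unspecified default applies."""
        mask = self.specific.get(norm_mac(mac))
        if mask is not None:
            return mask[port]
        return self.default_filtered.get(port, False)

    def open_ports(self):
        """Ports where unspecified addresses still pass (allowlist not enforced)."""
        return [p for p in self.ports if not self.default_filtered.get(p, False)]

# Constructed sample addresses.
TRUSTED = "08-00-2B-11-22-33"
UNKNOWN = "08-00-2B-AA-BB-CC"

def demo():
    br = BridgeFilters(ports=(1, 2))
    br.add_filter(TRUSTED)                  # green on every port
    before = br.is_filtered(UNKNOWN, 2)     # default green: unknown still passes
    br.default_filtered[2] = True           # manual mode on port 2
    after = br.is_filtered(UNKNOWN, 2)      # now filtered
    return before, after, br.is_filtered(TRUSTED, 2), br.open_ports()

if __name__ == "__main__":
    print(demo())
```

The `open_ports()` check corresponds to reviewing the "Unspecified Filter Defaults" row: any port it lists still forwards addresses that have no specific filter.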

2146.5. "Merci" by KERNEL::ANSONR () Thu Mar 30 1995 16:29 (5 lines)

    Thanks everybody for your help,
    
    I'll try and remember that help button next time!
    
    Rich