[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference netcad::hub_mgnt

Title:	DEChub/HUBwatch/PROBEwatch CONFERENCE
Notice:	Firmware -2, Doc -3, Power -4, HW kits -5, firm load -6&7
Moderator:	NETCAD::COLELLADT

Created:	Wed Nov 13 1991
Last Modified:	Fri Jun 06 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	4455
Total number of notes:	16761

2232.0. "Decswitch filtering setup question." by COPCLU::EBC () Fri Apr 28 1995 09:42

We currently have a filtering sceme set up on a Lanbridge 200 to restrict
access between the two networks schetched below:


   MAIN NETWORK					SUBCONTRACTOR NETWORK


     WAN links			---------		    WAN links
	!	X-LAN A		! LB200	!	X-LAN B		!
   -----------------------------!   F	!------------------------------
	!	!	!	!	!	!	!	!
	!	!	!	!	!	!	!	!
     ------  ------  ------	!	!    ------  ------  ------
     ! LB !  ! LB !  ! LB !	---------    ! LB !  ! LB !  ! LB !
     ! A1 !  ! A2 !  ! A3 !		     ! B1 !  ! B2 !  ! B3 !
     ------  ------  ------		     ------  ------  ------
	!	!	!			!	!	!
	!	!   ------------        ------------	!	!
	!	!					!	!
	!    -------------		      --------------	!
	!							!
     -------------				     --------------

The requirements of the filtering are:
	1. Only registered stations on X-LAN B are allowed access through the 
	   bridge.
	2. The registered stations are only allowed access to certain registered
	   stations on X-LAN A.
	3. Communication between individual stations on X-LAN A must not be
	   restricted by the filtering.
	4. Communication between individual stations on X-LAN B must not be
	   restricted by the filtering.
	5. Only specified protocols are allowed to cross the filtering bridge.

The requirements are met with the following setup of the Lanbridge 
(ELMS commands):

SET MANUAL FILTER SWITCH TRUE

ADD ADDRESS "X-LAN A station xx1" DISPOSITION FORWARD
ADD ADDRESS "X-LAN A station xx2" DISPOSITION FORWARD
....

ADD ADDRESS "X-LAN B station yy1" DISPOSITION FORWARD
ADD ADDRESS "X-LAN B station yy2" DISPOSITION FORWARD
....

ADD ADDRESS "multicast zz1" DISPOSITION FORWARD
ADD ADDRESS "multicast zz1" DISPOSITION FORWARD
....

ADD PROTOCOL "xx-xx" DISPOSITION FORWARD
ADD PROTOCOL "yy-yy" DISPOSITION FORWARD
....

SET PROTOCOL OTHER TYPES DISPOSITION FILTER
SET PROTOCOL OTHER SAPS DISPOSITION FILTER
SET PROTOCOL OTHER SNAPS DISPOSITION FILTER

The Lanbridges are now being replaced by 3 Decswitch 900EE in a Dechub 900.
Implementing the filtering sceme on this platform is complicated by the
increased number of ports and the limited filtering capabilities of these
bridges.
After studying the limited documentation of the Decswitch filtering capabi-
lities, I have come to the conclusion that the desired filtering cannot be
accomplished by filtering setup on ONE Decswitch.
But it should be possible to implement it with the following hub and filter
configuration:

			X-LAN A				X-LAN B

		   SW1		   SW2			   SW3
		---------	---------		---------
		!	!	!	!		!	!
	--------!   1	!   ----!   1	!		!   1	!------
		!	!	!	!		!	!
	--------!   2	!   ----!   2	!		!   2	!------
		!	!	!	!		!	!
	--------!   3	!   ----!   3	!		!   3	!------
		!	!	!	!		!	!
	--------!   4	!   ----!   4	!		!   4	!------
		!	!	!	!		!	!
		!   5	!-------!   5	!		!   5	!------
		!	!	!	!		!	!
	--------!   6	!	!   6	!---------------!   6	!
		!	!	!	!		!	!
		---------	---------		---------

On SW3:

1. Set address filters Unspecified Filter Defaults to not forward on port 6.
2. Add address filters to forward traffic to/from all ports for specified
   station addresses on X-LAN B.
3. Add address filters to forward traffic to/from all ports for specified
   (needed) multicast addresses.
4. Set protocol filters Unspecified Filter Defaults Other Ethernet/ Other
   DSAP/ Other SNAP to not forward on port 6.
5. Add protocol filters to forward traffic to/from all ports for specified
   protocol types.


On SW2:

1. Set address filters Unspecified Filter Defaults to not forward on port 6.
2. Add address filters to forward traffic to/from all ports for specified
   station addresses on X-LAN A.
3. Add address filters to forward traffic to/from all ports for specified
   (needed) multicast addresses.
4. Set protocol filters Unspecified Filter Defaults Other Ethernet/ Other
   DSAP/ Other SNAP to not forward on port 6.
5. Add protocol filters to forward traffic to/from all ports for specified
   protocol types.

Can somebody confirm my suggestion or correct me if I have misunderstood
or overlooked something.

Erik B. Christensen
MCS-COMMS
Copenhagen

T.R	Title	User	Date	Lines
2232.1		NETCAD::ANIL	`Wed May 10 1995 21:18`	4
	Yes, your modified topology with 3 DECswitch EE's will work as described. Nice workaround, if a little extravagant. Anil
2232.2	Thank You	COPCLU::EBC	`Mon May 15 1995 05:32`	6
	Thank you for your answer. I did not make that clear in the initial note, but the 3. switch was not added for filtering purposes, but just to provide more ports for segmenting the network. Erik