[Search for users]
[Overall Top Noters]
[List of all Conferences]
[Download this site]
| Title: | DEChub/HUBwatch/PROBEwatch CONFERENCE |
| Notice: | Firmware -2, Doc -3, Power -4, HW kits -5, firm load -6&7 |
| Moderator: | NETCAD::COLELLA�DT |
|
| Created: | Wed Nov 13 1991 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 4455 |
| Total number of notes: | 16761 |
2910.0. "900EF Filtering , will this work ?" by BRIEIS::BARKER_E (Ummm...) Thu Oct 26 1995 10:24
Hi,
A sanity check on the following would be much appreciated to make
sure I'm working on the right lines with the following :-
I'm working on customer site where we have 4 DECswitch 900EF's
connected to a FDDI ring, with other ethernet segments in use with nodes on
them and nodes on the FDDI ring. I want to implement filtering so that
only traffic generated by or destined for nodes on the FDDI or ethernet
segments within the environment of the FDDI/Ethernet segments is passed
to/from the existing 3Com network.
Config as follows, I've left out concentrators for clarity :-
Various ethernets Various ethernets
_|__|_|_______ _|_|_|________
| 900EF | | 900EF |
| 'A' |------FDDI-----------------| 'B' |
|______________| |______________|
| |
| |
|FDDI |FDDI
_____|________ ____|_________
| 900EF | | 900EF |
| 'C' |------FDDI-----------------| 'D' |
|______________| |______________|
| | | | | |
| Various ethernets | Various ethernets
| |
| |
|_ Existing 3 COM network __________________|
I have entered a list of all the MAC addresses of the equipment that
is connected to the DECswitches and the DECswitches on each of the 4
DECswitches, with each address filter set to pass on all 7 ports, plus
broadcast addresses for the protocols in use. I have
then set up manual mode on all ports except the ones connecting to the
existing 3Com network, so that all traffic can enter the two DECswitches
connected to the 3Com network and then only be passed if the destination
address is for one of the permitted addresses. Traffic generated by
the nodes inside the DECswitch environment will be allowed to pass out
as it's source address will be recognised and passed.
Does this sound correct ? Will this give a problem for a node
connected to an ethernet segment on DECswitch 'A' communicating via 2
DECswitches to nodes on the 3COM network , ie going via 'A' and then 'C' onto
the 3COM network ?
Thanks,
Euan
| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 2910.1 | And the answer is .... | BRIEIS::BARKER_E | Ummm... | Tue Oct 31 1995 04:14 | 14 |
| No it won't !
The problem is that a valid packet will pass the first DECswitch
without any problems but if the packet is destined for another segment
via a 2nd DECswitch the source address will get blocked. In our
particular environment we cannot work around this unless we only put
filters on the one DECswitch that is actively connected to the 3COM
network, and the other one operates with normal/auto filtering. This
is a workaround but is a bit limited as if a DECswitch failed we would
have to manually activate the filters on the 2nd DECswitch. The other
workaround is to implement filtering on the 3COM kit, currently this is
being planned.
Euan
|