Configuring a multicast or protocol traffic filter

Syntax

[multicast <mac-address>]

Specifies a multicast address. Inbound traffic received (on any port) with this multicast address will be filtered. (Default: Forward on all ports.) The noform of the command deletes the multicast filter for the <mac-address> multicast address and returns the destination ports for that filter to the Forwardaction.

[<forward l drop> <port-list>]

Specifies whether the designated destination ports should forward or drop the filtered traffic.

Syntax 


[protocol <ip | ipx | arp | appletalk | sna | netbeui>]

Specifies a protocol type. Traffic received (on any port) with this protocol type will be filtered. (Default: Forward on all ports.)

The noform of the command deletes the protocol filter for the specified protocol and returns the destination ports for that filter to the Forwardaction.

[<forward | drop> <port-list>]

Specifies whether the designated destination ports should forward or drop the filtered traffic.

Example

Suppose you wanted to configure the filters in table 12-3 on a switch. (For more on source-port filters, see Configuring a source-port traffic filter.
Filter Example

Filter Type

Filter Value

Action

Destination Ports

source-port

Inbound ports: A1, A21

Drop

D1-D4

multicast

010000-123456

Drop

C1-C24, D5-D10

multicast

010000-224466

Drop

B1-B4

protocol

Appletalk

Drop

C12-C18, D1

protocol

ARP

Drop

D17, D21-D24
1

*Because the switch allows one inbound port in a source-port filter, the requirement to filter ports A1 and A2 means you will configure two separate source-port filters.

The following commands configure the filters listed above:

Configuring various traffic/security filters