Using named source-port filters

A company wants to manage traffic to the Internet and its accounting server on a 26-port switch. Their network is pictured in Network configuration for named source-port filters. Switch port 1 connects to a router that provides connectivity to a WAN and the Internet. Switch port 7 connects to the accounting server. Two workstations in accounting are connected to switch ports 10 and 11.

Network configuration for named source-port filters

Example:

While named source-port filters may be defined and configured in two steps, this is not necessary. Here we define and configure each of the named source-port filters for our example network in a single step.

Applying example named source-port filters

Once the named source-port filters have been defined and configured we now apply them to the switch ports.

Source port filters applied to switch ports

The show filter command shows what ports have filters applied.

Example of the show filter command

Using the IDX value from the show filter output, we can see how traffic is filtered on a specific port (the port appears in the Value column). The two outputs below show a non-accounting switch port and an accounting switch port.

Showing traffic filtered on specific ports

The same command, using IDX 26, shows how traffic from the Internet is handled.

Source port filtering with internet traffic

As the company grows, more resources are required in accounting. Two additional accounting workstations are added and attached to ports 12 and 13. A second server is added and attached to port 8.

Expanded network configuration for named source-port filters

The following revisions to the named source-port filter definitions maintain the desired network traffic management, as shown in the Action column of the show command.

Network traffic management with source port filters
switch(config)# filter source-port named-filter accounting forward 8,12,13
switch(config)# filter source-port named-filter no-incoming-web drop 8,12,13
switch(config)# show filter source-port

 Traffic/Security Filters

 Filter Name        | Port List         | Action
 ------------------ + ----------------- + ----------------
 web-only           | 2-6,8-9,12-26     | drop 2-26
 accounting         | 7,10-11           | drop 1-6,9,14-26
 no-incoming-web    | 1                 | drop 7-8,10-13

We next apply the updated named source-port filters to the appropriate switch ports. Because a port can have only one source-port filter (named or not named), we first remove the existing source-port filters from those ports before applying the new named source-port filters.

No filter source-port
switch(config)# no filter source-port 8,12,13
switch(config)# filter source-port 8,12,13 named-filter accounting

The named source-port filters now manage traffic on the switch ports as shown below, using the show filter source-port command.

Named source-port filters managing traffic
switch(config)# show filter source-port

 Traffic/Security Filters

 Filter Name        | Port List         | Action
 ------------------ + ----------------- + ----------------
 web-only           | 2-6,8-9,14-26     | drop 2-26
 accounting         | 7-8,10-13         | drop 1-6,9,14-26
 no-incoming-web    | 1                 | drop 7-8,10-13
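The whole procedure above, from defining the three named filters to removing and reapplying them after the accounting expansion, as an added Python model; this is not code from the switch documentation or the vendor. The original drop lists for web-only, accounting and no-incoming-web are not printed on this page, so the ones below are inferred from the Action columns that are shown and are marked as assumptions in the code. The model enforces the one-filter-per-port rule the text describes, reproduces the Action column of the final show filter source-port output, and lets you check a planned change (for example, that the router port still cannot reach any accounting port) before typing it into a switch. One difference from the printed table: the model lists web-only on ports 2-6,9,14-26, because port 8 now carries the accounting filter and a port holds only one filter.

```python
"""Model of named source-port filters on a 26-port switch (constructed example)."""
from __future__ import annotations
from dataclasses import dataclass, field

NUM_PORTS = 26


def parse_ports(spec: str) -> set[int]:
    """Expand a CLI port list such as '2-6,8-9,12-26' into a set of port numbers."""
    ports: set[int] = set()
    for piece in spec.split(","):
        piece = piece.strip()
        if not piece:
            continue
        if "-" in piece:
            lo, hi = (int(x) for x in piece.split("-", 1))
            ports.update(range(lo, hi + 1))
        else:
            ports.add(int(piece))
    return ports


def format_ports(ports) -> str:
    """Collapse a set of ports back into the 'a-b,c' notation the CLI prints."""
    runs, seq, i = [], sorted(ports), 0
    while i < len(seq):
        j = i
        while j + 1 < len(seq) and seq[j + 1] == seq[j] + 1:
            j += 1
        runs.append(str(seq[i]) if i == j else f"{seq[i]}-{seq[j]}")
        i = j + 1
    return ",".join(runs)


@dataclass
class NamedFilter:
    name: str
    drop: set[int] = field(default_factory=set)  # destination ports that are dropped


class Switch:
    def __init__(self) -> None:
        self.filters: dict[str, NamedFilter] = {}
        self.port_filter: dict[int, str] = {}  # source port -> name of its one filter

    def define(self, name: str, action: str, ports: str) -> None:
        """filter source-port named-filter NAME {drop|forward} PORT-LIST"""
        f = self.filters.setdefault(name, NamedFilter(name))
        if action == "drop":
            f.drop |= parse_ports(ports)
        elif action == "forward":
            f.drop -= parse_ports(ports)
        else:
            raise ValueError(f"unknown action {action!r}")

    def apply(self, ports: str, name: str) -> None:
        """filter source-port PORT-LIST named-filter NAME (one filter per port)."""
        for p in parse_ports(ports):
            if p in self.port_filter:
                raise ValueError(f"port {p} already has filter {self.port_filter[p]}")
            self.port_filter[p] = name

    def remove(self, ports: str) -> None:
        """no filter source-port PORT-LIST"""
        for p in parse_ports(ports):
            self.port_filter.pop(p, None)

    def show(self) -> list[tuple[str, str, str]]:
        """Rows of 'show filter source-port': (filter name, port list, action)."""
        rows = []
        for name, f in self.filters.items():
            assigned = {p for p, n in self.port_filter.items() if n == name}
            rows.append((name, format_ports(assigned), "drop " + format_ports(f.drop)))
        return rows

    def allowed(self, src: int, dst: int) -> bool:
        """True if a frame entering on port src may be forwarded out port dst."""
        name = self.port_filter.get(src)
        return name is None or dst not in self.filters[name].drop


def build_expanded_example() -> Switch:
    """Replay the page's procedure on the expanded network."""
    sw = Switch()
    # ASSUMPTION: the original definitions are not shown on the page; these
    # drop lists are inferred from the Action columns it does print.
    sw.define("web-only", "drop", "2-26")              # workstations reach only the router (port 1)
    sw.define("accounting", "drop", "1-6,8-9,12-26")   # accounting reaches only server 7 and each other
    sw.define("no-incoming-web", "drop", "7,10-11")    # router traffic never reaches accounting
    sw.apply("2-6,8-9,12-26", "web-only")
    sw.apply("7,10-11", "accounting")
    sw.apply("1", "no-incoming-web")
    # Revisions shown on the page for the added server (8) and workstations (12, 13).
    sw.define("accounting", "forward", "8,12,13")
    sw.define("no-incoming-web", "drop", "8,12,13")
    sw.remove("8,12,13")                      # a port may hold only one source-port filter
    sw.apply("8,12,13", "accounting")
    return sw


if __name__ == "__main__":
    for row in build_expanded_example().show():
        print(" | ".join(row))
```

Running the block prints the three rows of the final show output; the allowed() method is the check worth running after any edit, since a forgotten drop entry (for example, omitting port 13 from no-incoming-web) silently opens a path from the router port into accounting.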