Configuring a source-port traffic filter

Syntax 


[no] [source-port<port-number|trunk-name>]
Specifies one inbound port or trunk. Traffic received inbound on this interface from other devices will be filtered. The no form of the command deletes the sourceport filter for <port-number> and returns the destination ports for that filter to the Forward action. (Default: Forward on all ports.)
NOTE:

If multiple VLANs are configured, the source-port and the destination ports must be in the same VLAN unless routing is enabled. Similarly, if a VLAN containing both the source and destination is a multinet where either the source or destination port, or both, are on the same subnet.

Syntax 


[drop] <destination-port-list>[forward <port-list>]

Configures the filter to drop traffic for the ports and trunks in the designated <destination-port-list>. Can be followed by forward<destination-port-list> if you have other destination ports set to dropthat you want to change to forward. If no drop or forward action is specified, the switch automatically creates a filter with a forward action from the designated source port (or trunk) to all destination ports (or trunks) on the switch.

Syntax 


[forward]<port-list>

Configures the filter to forward traffic for the ports and/ or trunks in the designated <destination-port-list>. Because forwardis the default state for destinations in a filter, this command is useful when destinations in an existing filter are configured for drop and you want to change them to forward. Can be followed by drop<destination-port-list> if you have other destination ports set to forward that you want to change to drop. If no drop or forward action is specified, the switch automatically creates a filter with a forward action from the designated source port (or trunk) to all destination ports (or trunks) on the switch.

Example

For example, assume that you want to create a source-port filter that drops all traffic received on port 5 with a destination of port trunk 1 (Trk1) and any port in the range of port 10 to port 15. To create this filter you would execute this command:

switch(config)# filter source-port 5 drop trk1,10-15

Later, suppose you wanted to shift the destination port range for this filter up by two ports; that is, to have the filter drop all traffic received on port 5 with a destination of any port in the range of port 12 to port 17. (The Trk1 destination is already configured in the filter and can remain as-is.)With one command you can restore forwarding to ports 10 and 11 while adding ports 16 and 17 to the "drop" list:

switch(config)# filter source-port 5 forward 10-11 drop
16-17