Configuring a source-port traffic filter

Syntax:


filter [source-port <port-number|trunk-name>]
no filter [source-port <port-number|trunk-name>]
Specifies one inbound port or trunk. Traffic received inbound on this interface from other devices will be filtered. The no form of the command deletes the source-port filter for <port-number> and returns the destination ports for that filter to the Forward action. (Default: Forward on all ports.)
NOTE:

If multiple VLANs are configured, the source-port and the destination port(s) must be in the same VLAN unless routing is enabled. Similarly, if a VLAN containing both the source and destination is multinetted, the source and destination ports and/or trunks must be in the same subnet unless routing is enabled.

Syntax:


[drop] <destination-port-list> [forward <port-list>]

Configures the filter to drop traffic for the ports and/or trunks in the designated <destination-port-list>. Can be followed by forward <destination-port-list> if you have other destination ports set to drop that you want to change to forward. If no drop or forward action is specified, the switch automatically creates a filter with a forward action from the designated source port (or trunk) to all destination ports (or trunks) on the switch.

Syntax:


[forward] <port-list>

Configures the filter to forward traffic for the ports and/or trunks in the designated <destination-port-list>. Because forward is the default state for destinations in a filter, this command is useful when destinations in an existing filter are configured for drop and you want to change them to forward. Can be followed by drop <destination-port-list> if you have other destination ports set to forward that you want to change to drop. If no drop or forward action is specified, the switch automatically creates a filter with a forward action from the designated source port (or trunk) to all destination ports (or trunks) on the switch.

Example:

For example, assume that you want to create a source-port filter that drops all traffic received on port 5 with a destination of port trunk 1 (Trk1) and any port in the range of port 10 to port 15. To create this filter you would execute this command:

switch(config)# filter source-port 5 drop trk1,10-15

Later, suppose you wanted to shift the destination port range for this filter up by two ports; that is, to have the filter drop all traffic received on port 5 with a destination of any port in the range of port 12 to port 17. (The Trk1 destination is already configured in the filter and can remain as-is.) With one command you can restore forwarding to ports 10 and 11 while adding ports 16 and 17 to the "drop" list:

switch(config)# filter source-port 5 forward 10-11 drop 16-17
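
Because each filter command changes the existing filter instead of replacing it, the drop list that results from a sequence of commands is worth checking before a change is made. The Python model below is an added example, not part of the switch documentation or firmware. It assumes numeric port numbers and trunk names of the form trkN, and its function names are hypothetical.

```python
import re

# The two commands from the example above, as typed at the switch prompt.
PAGE_COMMANDS = [
    "switch(config)# filter source-port 5 drop trk1,10-15",
    "switch(config)# filter source-port 5 forward 10-11 drop 16-17",
]

def expand_port_list(text):
    """Expand 'trk1,10-15' into {'trk1', '10', ..., '15'} (assumed port syntax)."""
    ports = set()
    for item in text.lower().split(","):
        m = re.fullmatch(r"(\d+)-(\d+)", item)
        if m and int(m.group(1)) <= int(m.group(2)):
            ports.update(str(p) for p in range(int(m.group(1)), int(m.group(2)) + 1))
        elif re.fullmatch(r"\d+|trk\d+", item):
            ports.add(item)
        else:
            raise ValueError(f"unrecognized port or range: {item!r}")
    return ports

def apply_filter_commands(commands):
    """Return {source port: destinations set to drop} after running commands in order."""
    filters = {}
    for line in commands:
        words = line.split("#", 1)[-1].split()      # discard a leading CLI prompt
        negate = bool(words) and words[0] == "no"
        if negate:
            words = words[1:]
        if words[:2] != ["filter", "source-port"] or len(words) < 3:
            raise ValueError(f"unsupported command: {line!r}")
        source, actions = words[2].lower(), words[3:]
        if negate:
            filters.pop(source, None)               # destinations return to Forward
            continue
        if len(actions) % 2:
            raise ValueError(f"action without a port list: {line!r}")
        # A filter with no action given forwards to every destination.
        drops = filters.setdefault(source, set())
        for action, port_list in zip(actions[0::2], actions[1::2]):
            if action == "drop":
                drops |= expand_port_list(port_list)
            elif action == "forward":
                drops -= expand_port_list(port_list)
            else:
                raise ValueError(f"unknown action: {action!r}")
    return filters

if __name__ == "__main__":
    for source, drops in apply_filter_commands(PAGE_COMMANDS).items():
        print(f"source-port {source} drops: {sorted(drops)}")
```
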