About Address Filtering

The process of filtering network traffic is used to reduce the amount of unnecessary traffic over specific segments of a network, thereby maximizing network capacity and performance. It can also be used to restrict the distribution of sensitive information to specific locations.

You can configure the line card to selectively filter or forward packets it receives, based on their MAC addresses and protocol types.

MAC address filters are stored in NVRAM as permanent entries. Permanent address entries are retained in memory even if power to the line card is interrupted or the line card is reset. Permanent entries are not affected by address aging time, and can exist concurrently with dynamic entries having the same address.

You configure a filter by specifying a set of ports that are allowed for a given MAC address. The address can be an individual, multicast, or broadcast address. If a packet has a source or destination MAC address that is listed in the filter, the packet is allowed on the specified set of ports. If the address is not listed in the filter, the packet is dropped (filtered).

Source Address Filtering

A packet received on an input port is dropped (filtered) if the source address is listed in a filter and the input port is not one of the allowed ports. In addition, the source address is not learned. If the input port is one of the allowed ports, the packet is a candidate for forwarding, based on the behavior of destination address filtering and protocol filtering.

Destination Address Filtering

A packet about to be placed on an output port is forwarded if the destination address is listed in a filter and the output port is one of the allowed ports. If the address was not previously learned, the packet is flooded to the subset of the allowed ports that are in the forwarding state.
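The source and destination rules above can be traced with a small model. This is an added example, not vendor code: the `LineCard` class, the port numbers and the MAC addresses are constructed, and it assumes that a flooded frame is not sent back out of its ingress port. Protocol filtering and frames whose destination has no filter entry are not modelled.

```python
from dataclasses import dataclass, field

A = "00:00:5e:00:53:01"  # constructed sample MACs (documentation range)
B = "00:00:5e:00:53:02"
C = "00:00:5e:00:53:03"  # has no filter entry

@dataclass
class LineCard:  # hypothetical model, not a vendor API
    filters: dict                 # permanent entries: MAC -> allowed ports
    forwarding: set               # ports in the forwarding state
    learned: dict = field(default_factory=dict)  # dynamic entries: MAC -> port

    def receive(self, src, dst, in_port):
        """Return output ports for a frame: set() = filtered, None = no
        destination filter applies (case not modelled here)."""
        # Source address filtering: drop, and do not learn the source.
        if src in self.filters and in_port not in self.filters[src]:
            return set()
        self.learned[src] = in_port
        if dst not in self.filters:
            return None
        allowed = self.filters[dst]
        if dst in self.learned:
            # Known location: forward only if that port is allowed.
            port = self.learned[dst]
            return {port} if port in allowed else set()
        # Not previously learned: flood to allowed ports that are forwarding.
        # Assumption: the ingress port is excluded, as in ordinary bridging.
        return (allowed & self.forwarding) - {in_port}

def demo():
    card = LineCard(filters={A: {1, 2}, B: {2, 3, 4}}, forwarding={1, 2, 3})
    results = [
        card.receive(A, B, 3),  # A arrives on a non-allowed port
        card.receive(A, B, 1),  # B not yet learned: flood
        card.receive(B, A, 2),  # A was learned on port 1
        card.receive(C, B, 1),  # B was learned on port 2
        card.receive(A, C, 1),  # C has no filter entry
    ]
    return results, dict(card.learned)

if __name__ == "__main__":
    print(demo())
```

Port 4 is allowed for `B` but is not in the forwarding state, so it is left out of the flood in the second frame.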