Accelar(passport) switch IP Filter?

Does anyone have a handle on this IP filtering option of the Accelar(Passport)1200 switch?  I need to separate 2 logical ip networks that run on the same physical network. ( (

The problem is, I have a router that they BOTH need to access on the network....

I do not want any of the machines on the network to see ANY addresses on the network EXCEPT the router (

I thought that I may be able to use the IP filtering on a port level telling the switch to drop all traffic from except for   IS THIS POSSIBLE?

If so, can you explain?


RE: Accelar(passport) switch IP Filter?

Wow, you started 21 threads and never found a post useful, I am feeling challenged!


is the best Nortel supplied tutorial that I found. (in the fine print, Global filters have NEVER worked, ignore them)

All Filters are applied as the packet enters the switch and the switch applies Specific masks before it applies less specific masks.

One way to interpret your request is that one port has all the network behind it and all we wish to pass is one address, we can do so by putting a source filter on THAT port which accepts a source of mask but has a default action of drop.  Then any packet not from the router is dropped.  (note: technically you can still send to the other network, they just can't reply.)

If the port to also has some addresses on it it gets trickier, as you need a filter for mask but now the default is forward. This just lets .1 by, and an IP filter for mask to drop with a default to forward  this wipes out the rest of the network.  Packets not for fail both filters and are forwarded  (again, technically you can still send, but they can't reply)

One could attempt to apply a destination filter pair to every other port of the net to block in both directions, but as there are no successful one-way conversations, a one-way block should be enough.

Now let's assume only one port has traffic and you wish them to only find, but not the rest of the switch.

You can put a destination filter on the port with a default of drop and a destination of mask  (again they can still send to, but they can't reply)

If none of my interpretations are correct, try to explain in detail which ports are, which are and if any are both.

Any help?  I confess that while I use IP filters, I only have one subnet that I provide for a subcontractor, that I allow internet access but not local access to the other 32 subnets, but I use this concept.  My main use of IP filters is to raise the priority of the VoIP traffic, where both the action and the default are Forward.

I tried to remain child-like, all I achieved was childish.
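
The evaluation order described in the reply above (filters applied on ingress, most specific mask first, then the port's default action), modeled as an added Python example. It is not from the thread or from Nortel; the class and function names are hypothetical and the addresses are constructed from RFC 5737 documentation ranges.

```python
# Model of the per-port ingress filtering described in the reply above.
# Addresses are constructed (RFC 5737 documentation ranges), not the thread's.
from ipaddress import ip_address, ip_network

FORWARD, DROP = "forward", "drop"

class PortFilterSet:
    """Filters applied as a packet enters one switch port."""

    def __init__(self, default_action):
        self.default_action = default_action
        self.filters = []  # (field, network, action)

    def add(self, field, cidr, action):
        if field not in ("src", "dst"):
            raise ValueError("field must be 'src' or 'dst'")
        self.filters.append((field, ip_network(cidr), action))

    def decide(self, src, dst):
        pkt = {"src": ip_address(src), "dst": ip_address(dst)}
        # More specific masks are tried before less specific ones.
        by_mask = sorted(self.filters, key=lambda f: f[1].prefixlen, reverse=True)
        for field, net, action in by_mask:
            if pkt[field] in net:
                return action
        return self.default_action  # nothing matched

def conversation_works(port_a, host_a, port_b, host_b):
    """A two-way exchange needs both ingress ports to forward."""
    return (port_a.decide(host_a, host_b) == FORWARD
            and port_b.decide(host_b, host_a) == FORWARD)

ROUTER, NET_A, HOST_A = "192.0.2.1", "192.0.2.0/24", "192.0.2.50"
HOST_B = "198.51.100.20"  # host on the other logical network

# Port carrying only the router's network: pass the router, default drop.
strict = PortFilterSet(DROP)
strict.add("src", ROUTER + "/32", FORWARD)

# Mixed port: pass the router, drop the rest of its network, default forward.
mixed = PortFilterSet(FORWARD)
mixed.add("src", ROUTER + "/32", FORWARD)
mixed.add("src", NET_A, DROP)

unfiltered = PortFilterSet(FORWARD)  # port facing HOST_B, no filters

if __name__ == "__main__":
    print("A -> B reply:", mixed.decide(HOST_A, HOST_B))
    print("B <-> router:", conversation_works(unfiltered, HOST_B, mixed, ROUTER))
```

Later replies in the thread report that ARU2 hardware does not accept a default action of drop, which leaves the default-forward pair (`mixed`) as the form that applies there.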

RE: Accelar(passport) switch IP Filter?

Thanks A LOT!!  I am not sure WHY you think I do not find the posts useful... I ALWAYS do!  Is there something that I have not posted somewhere saying that they are?

Anyway, the info you gave me was great, I am however having a problem:

I cannot seem to get my port to have a default action of DROP.  I assign it this action, then check the info on it and it says the default-action is in fact drop, but then when I assign a filter to it, the default action is automatically switched to forward....

I have this network (I know it's different than before...) which will be only behind port 3/15 on the switch... this network needs to access the WAN via ip address router)  I need to PREVENT anyone on the network from seeing the network, and I thought the best way to do that would be to create a destination filter for the 3/15 port which has the address of the network on the other side of the WAN that it needs to access.  Then I would tell the port to DROP all other traffic by default... I was assuming that if my DESTINATION was within the scope of the filter, then it would pass the traffic even if it has to go to to get there since the routing table will tell it that.  Is this right??



RE: Accelar(passport) switch IP Filter?

You have the option to mark a useful post in the lower left corner; you never have.

I tried to remain child-like, all I achieved was childish.

RE: Accelar(passport) switch IP Filter?

Ahh... never actually took notice of that... thanks!  And I gave you a good post click.

RE: Accelar(passport) switch IP Filter?

I have looked at my Accelars; I cannot find where I ever used drop as a default action. Trying it out it refuses to accept it and changes it back.  

"Default action of drop is functional in ARU3 The action of not supported in ARU2." in the PDF I referenced you to, sigh.

Your Accelar must be a similar age to mine, -A is ARU2  -B is ARU3

I tried to remain child-like, all I achieved was childish.

RE: Accelar(passport) switch IP Filter?

Yes, mine is OLD too!  lol  Anyway, I have what may turn out to be an easier solution.  Is there a way to just separate these networks logically?  I tried to assign another IP address to my default VLAN, but it said that "multinetting" is not supported... my plan was to have it respond to this second IP address, then apply filters across all ports in the switch:

one dropping traffic from to

one dropping traffic from to (in case there was something I was not thinking of)

I assume traffic with a destination ip of a network across the WAN would be forwarded via (Wan router) since the actual DESTINATION address is not but only uses this address to get to the destination.

Anyway, so I can separate them logically instead of physically.  I am just not real experienced with this technique...  Can I do this with filters?  OR, is there a better way??

Thanks again for all your help!!
