Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

IP Filter on Nortel 470 switch

1 view
Skip to first unread message

Dave Ward

unread,
Mar 10, 2008, 1:17:31 PM3/10/08
to
Hi,
I've been tasked with configuring a filter on a Nortel 470-48T switch
that will allow a PC to connect to a port, obtain an IP address via
DHCP and once that has been completed only talk to our internet proxy
on ports 9090, 443 and 80. All other packets are to be dropped.

Can anyone shed some light on how to do this.

thanks

Dave

Walter Roberson

unread,
Mar 11, 2008, 10:46:08 AM3/11/08
to
In article <m8rat39a42hb9rgic...@4ax.com>,
Dave Ward <agento...@tbtconnect.com> wrote:

Unfortunately the 470 documents appear now to require login to
Nortel's web site, and it has been a number of years since I scanned
through them.

As best I -recall-, the 470 is not able to handle security at that
level. With newer software releases you could use 802.1x EAP
to control the obtaining of an IP and authentication to the network,
but I don't recall that you could filter down to the port level,
except -perhaps- by QoS'ing everything else down to a rate of 0.
And that QoS could not, my (falible) memory says, be applied
conditionally -- e.g., if you wanted to permit DHCP through
initially then you'd have to continue to allow DHCP through.
On the other hand, some 802.1x implementations permit the port
to be placed into a different VLAN automatically when authenticated,
so it might not be impossible.

As best I -recall- the 470 is not a complicated flexible switch:
I believe it was still the basic menu driven configuration that
did not admit much in the way of conditional processing. The BPS2000
was the switch that tried to do the more complicated processing,
and the BPS2000 begat the 5510 and 5520 layer 3 switches; the 5510
and 5520 have real command lines, and I believe the BPS2000 -might-
have a real CLI as well, but as best I -recall- the 470's CLI was
pretty much only enough to back up the switch configuration.

I could be wrong about the flexibility of a 470 with a modern software rev.
It has been something on the order of 5 years since I looked at the 470
and I think I only touched one in one training class.

Dave Ward

unread,
Mar 11, 2008, 3:08:46 PM3/11/08
to
Thanks Walter,

I believe the 470 does have more functionality with the later software
revisions, it does come with a CLI nowadays. I will stick my head in
the books and give my supplier a call.

cheers

Dave.

0 new messages