Abstract |
<p>A secure network having means for controlling the flow of packets within the network. In one embodiment, the network includes a plurality of network devices coupled together at a LAN switch. Each network device is physically connected to a port of the LAN. Each port has a packet filter which receives at least a portion of a packet arriving at the port and determines whether the packet is authorized to pass through the port and be routed to a destination address. The filters may use pattern matching or other techniques for determining whether packets satisfy applicable access rules. The access rules are determined by a system administrator and downloaded to the LAN switch for implementation by the filters. Each filter may implement a different set of access rules and the filters may be used by the administrator to set access levels for selected network devices or to isolate particular devices.</p> |
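The per-port filtering described in the abstract can be modelled as follows. This is an added example, not code from the patent: the mask/value rule format, first-match ordering, default-deny behaviour and all class and function names are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    offset: int    # byte offset into the inspected portion of the frame
    mask: bytes    # bits of the window that are compared
    value: bytes   # expected bits after masking
    permit: bool   # action when the pattern matches

    def matches(self, head: bytes) -> bool:
        window = head[self.offset:self.offset + len(self.mask)]
        if len(window) < len(self.mask):
            return False  # truncated frame: the pattern cannot match
        return bytes(b & m for b, m in zip(window, self.mask)) == self.value

class PortFilter:
    def __init__(self, rules, inspect_len=64):
        self.rules, self.inspect_len = list(rules), inspect_len

    def authorize(self, frame: bytes) -> bool:
        head = frame[:self.inspect_len]  # only a portion of the packet is examined
        for rule in self.rules:          # first matching rule decides
            if rule.matches(head):
                return rule.permit
        return False                     # default deny (assumption of this sketch)

class Switch:
    def __init__(self):
        self.filters = {}

    def download_rules(self, port: int, rules) -> None:
        self.filters[port] = PortFilter(rules)  # administrator pushes a per-port rule set

    def ingress(self, port: int, frame: bytes) -> bool:
        flt = self.filters.get(port)
        return flt is not None and flt.authorize(frame)

def ipv4_frame(dst, src=(10, 0, 0, 1), proto=6) -> bytes:
    """Constructed sample: Ethernet II header + 20-byte IPv4 header, checksum left 0."""
    eth = bytes(12) + b"\x08\x00"
    return eth + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                             bytes(src), bytes(dst))

DST_IP = 14 + 16  # offset of the IPv4 destination address in the frame
switch = Switch()
switch.download_rules(1, [Rule(DST_IP, b"\xff\xff\xff\x00", b"\x0a\x00\x01\x00", True)])
switch.download_rules(2, [])  # isolated device: nothing is authorized
switch.download_rules(3, [Rule(DST_IP, b"\xff" * 4, b"\x0a\x00\x09\x09", False),
                          Rule(DST_IP, b"\xff\x00\x00\x00", b"\x0a\x00\x00\x00", True)])
```

Port 1 may reach only 10.0.1.0/24, port 2 is isolated, and port 3 may reach 10.0.0.0/8 except the single host 10.0.9.9, which shows each port enforcing a different rule set.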