Enterasys Networks CSX5500 User Guide
USER’S GUIDE
302 CyberSWITCH
Sample packet passing through a filter
FILTER COMPOSITION
The IP filtering mechanism is composed of three fundamental building blocks:
• Packet Types
The criteria for describing an IP datagram’s contents: IP Source and Destination Addresses,
Protocol (TCP, UDP, etc.), Protocol-specific fields (TCP port, etc.). For example, Packet Types
can be set up to specify such things as: “all packets arriving from IP Subnetwork X”, “Telnet
packets destined for host Y”, or “All RIP packets”. Packet Types are independently defined and
may be referenced by multiple filters.
• Conditions
A Packet Type combined with an Action to take when a datagram matches that type. The
Actions are DISCARD or FORWARD.
• Filter
An ordered list of Conditions. When an IP datagram passes through a filter, a sequential pass
is made through the individual conditions. The first complete match of a Packet Type dictates
the action which is applied to the datagram. When the action is DISCARD, the datagram is
dropped. The filter also contains a configurable Final Condition which specifies the action to
take if no match is found.
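The first-match evaluation described above, modeled in Python as an added example (not CyberSWITCH code or configuration syntax); the class and function names, addresses and ports are constructed for illustration. It shows that the same two Conditions give opposite results when reordered, and reports Conditions that can never fire because an earlier one fully covers them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PacketType:                      # criteria describing a datagram's contents
    name: str
    src: str = "0.0.0.0/0"             # IP source network
    dst: str = "0.0.0.0/0"             # IP destination network
    proto: Optional[str] = None        # "tcp", "udp", ... (None = any)
    dst_port: Optional[int] = None     # protocol-specific field (None = any)

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in (None, pkt["proto"])
                and self.dst_port in (None, pkt.get("dst_port")))

    def covers(self, other: "PacketType") -> bool:
        """True if every datagram matching `other` also matches self."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.proto in (None, other.proto)
                and self.dst_port in (None, other.dst_port))

def evaluate(conditions, final_action, pkt):
    """Sequential pass; the first matching Packet Type dictates the action."""
    for ptype, action in conditions:
        if ptype.matches(pkt):
            return action, ptype.name
    return final_action, "Final Condition"

def shadowed(conditions):
    """(later, earlier) pairs where the later Condition can never be reached."""
    return [(later.name, earlier.name)
            for i, (later, _) in enumerate(conditions)
            for earlier, _ in conditions[:i] if earlier.covers(later)]

# Constructed sample: subnet X = 10.1.0.0/16, host Y = 192.0.2.10
SUBNET_X = PacketType("from-subnet-X", src="10.1.0.0/16")
TELNET_Y = PacketType("telnet-to-Y", dst="192.0.2.10/32", proto="tcp", dst_port=23)
TELNET_X_TO_Y = PacketType("telnet-X-to-Y", "10.1.0.0/16", "192.0.2.10/32", "tcp", 23)
ORDER_A = [(SUBNET_X, "FORWARD"), (TELNET_Y, "DISCARD")]
ORDER_B = [(TELNET_Y, "DISCARD"), (SUBNET_X, "FORWARD")]
PKT = {"src": "10.1.4.9", "dst": "192.0.2.10", "proto": "tcp", "dst_port": 23}

if __name__ == "__main__":
    print(evaluate(ORDER_A, "DISCARD", PKT))   # broad FORWARD wins: Telnet to Y passes
    print(evaluate(ORDER_B, "DISCARD", PKT))   # specific DISCARD first: Telnet to Y dropped
    print(shadowed(ORDER_A + [(TELNET_X_TO_Y, "DISCARD")]))
```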
TYPES OF FILTERS
Forwarding Filters
A Forwarding Filter is a filter which forwards or discards specific packets according to whether
these packets fulfill a list of defined conditions. Forwarding Filters may be applied to packets in one
of the following ways:
• Globally: independent of the packet’s input or output path.
• Through the Input Network Interface: applies the filter only to packets arriving on a specific
[Figure labels: IP Packet enters FILTER. Conditions: Discard Type 1; Forward Type 4; Discard Type 3. Final Condition: Discard All Other Types. Packet Types: Type 1: www,www,www; Type 2: xxx,xxx,xxx; Type 3: yyy,yyy; Type 4: zzz,zzz. Action: Discard/Forward.]