Avaya 3.7 Manuel D’Utilisation
Packet Filtering
Issue 4 May 2005
187
Note:
Note:
This mode should be used when the VSU is dedicated to VPN traffic and is in
parallel with another device (such as a router or firewall) that can resolve ARPs
from the private network to the Internet gateway. This mode should not be used
when the VSU is the only path between network devices and a router with which
those devices need to communicate.
parallel with another device (such as a router or firewall) that can resolve ARPs
from the private network to the Internet gateway. This mode should not be used
when the VSU is the only path between network devices and a router with which
those devices need to communicate.
Drop all fragments - When checked, discards all non-expected IP packet fragments. Normally
used to prevent tiny fragment attacks (RFC1858).
used to prevent tiny fragment attacks (RFC1858).
Drop all short packets - When checked, this function drops all packets that are not a valid
size.
size.
Keep filter statistics (SNMP) - When checked, statistics for this filter are reported via SNMP.
Memo - Use this area to record comments or notes about your filter.
Add Packet Filtering Policy
This screen performs two basic functions, selection of the desired action, and selection of the
traffic type for which a filter is constructed. Additional buttons are provided for Advanced
functions, Close, Next, and Finished
traffic type for which a filter is constructed. Additional buttons are provided for Advanced
functions, Close, Next, and Finished
Action - Two basic actions may be selected: Permit, or Deny. As you would expect, Permit
allows all packets of the Traffic type selected to pass, while Deny blocks all packets of the
Traffic type selected.
allows all packets of the Traffic type selected to pass, while Deny blocks all packets of the
Traffic type selected.
QoS Mark - QoS Mark is a drop-down menu of choices used when differentiated levels of
priority IP packet routing is used. This allows Quality of Service markings to be placed in the
outer IP header when applying the IPSec tunnel mode, thereby allowing “QoS-aware” devices
within an MPLS cloud to maintain the desired level of priority in handling the packets. Packets to
be marked at the VSU are indicated further specification in the filtering criteria.
priority IP packet routing is used. This allows Quality of Service markings to be placed in the
outer IP header when applying the IPSec tunnel mode, thereby allowing “QoS-aware” devices
within an MPLS cloud to maintain the desired level of priority in handling the packets. Packets to
be marked at the VSU are indicated further specification in the filtering criteria.
A comprehensive list of QoS preset markers are provided in the drop-down menu. For
information on the use of these markers, or constructing user defined markers, please refer to
the following for details.
information on the use of these markers, or constructing user defined markers, please refer to
the following for details.
●
RFC 2474: Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6
Headers (http://www.ietf.org/rfc/rfc2474.txt?number=2474)
Headers (http://www.ietf.org/rfc/rfc2474.txt?number=2474)
●
RFC 2598: An Expedited Forwarding PHB (http://www.ietf.org/rfc/
rfc2598.txt?number=2598)
rfc2598.txt?number=2598)
●
You may also wish to check out (http://www.ietf.org/html.charters/diffserv-charter.html)
which contains a set of links to relevant related RFC's including 2497 and 2598.
which contains a set of links to relevant related RFC's including 2497 and 2598.