Cisco Systems BC-109 Manual De Usuario
Configure Administrative Filters for Token Ring Traffic
Configuring Source-Route Bridging BC-135
Configure Administrative Filters for Token Ring Traffic
Source-route bridges normally filter frames according to the routing information contained in the
frame. That is, a bridge will not forward a frame back to its originating network segment or any other
network segment that the frame has already traversed. This section describes how to configure
another type of filter—the administrative filter.
frame. That is, a bridge will not forward a frame back to its originating network segment or any other
network segment that the frame has already traversed. This section describes how to configure
another type of filter—the administrative filter.
Administrative filters can filter frames based on the following methods:
•
Protocol type—IEEE 802 or Subnetwork Access Protocol (SNAP)
•
Token Ring vendor code
•
Source address
•
Destination address
Whereas filtering by Token Ring address or vendor code causes no significant performance penalty,
filtering by protocol type significantly affects performance. A list of SNAP (Ethernet) type codes is
provided in the “Ethernet Type Codes” appendix in the Bridging and IBM Networking Command
Reference.
filtering by protocol type significantly affects performance. A list of SNAP (Ethernet) type codes is
provided in the “Ethernet Type Codes” appendix in the Bridging and IBM Networking Command
Reference.
Filter Frames by Protocol Type
You can configure administrative filters by protocol type by specifying protocol type codes in an
access list. You then apply that access list to either IEEE 802.2 encapsulated packets or to
SNAP-encapsulated packets on the appropriate interface.
access list. You then apply that access list to either IEEE 802.2 encapsulated packets or to
SNAP-encapsulated packets on the appropriate interface.
The order in which you specify these elements affects the order in which the access conditions are
checked. Each condition is tested in succession. A matching condition is then used to execute a
permit or deny decision. If no conditions match, a deny decision is reached.
checked. Each condition is tested in succession. A matching condition is then used to execute a
permit or deny decision. If no conditions match, a deny decision is reached.
Note
If a single condition is to be denied, there must be an access-list command that permits
everything as well, or all access is denied.
To filter frames by protocol type, use the following command in global configuration mode:
You can filter IEEE 802-encapsulated packets on either input or output. The access list you specify
is the one you created that includes the protocol type codes.
is the one you created that includes the protocol type codes.
netbios output-access-filter bytes name
Specify a byte-based access filter on
outgoing messages.
outgoing messages.
Command
Purpose
access-list
access-list-number
{permit | deny}
{type-code
wild-mask | address mask}
Create an access list for filtering
frames by protocol type.
frames by protocol type.
Command
Purpose