Inserting a global filter
To insert a global filter:
- From the Device Manager menu bar, choose IP Routing > Filter.
| The Filter dialog box opens with the Filters tab displayed. |
The table below describes the Filters tab fields.
Type
|
The filter type:
- Global
- Destination
- Source
Note: The default is set to Global.
|
DstAddr
|
Destination IP address.
|
DstMask
|
Destination subnet mask.
|
SrcAddr
|
Source IP address.
|
SrcMask
|
Source subnet mask.
|
Id
|
The filter ID (1 to 4096)
|
Name
|
The IP filter name.
|
ProtocolType
|
The IP protocol type (ignore, icmp, tcp, udp)
Note: The default is set to ignore.
|
SrcPort
|
The TCP/UDP source port number.
|
SrcOption
|
The TCP/UDP source port option (equal, notequal, greater, less, ignore)
Note: The default is set to ignore.
|
DstPort
|
The TCP/UDP destination port number.
|
DstOption
|
The TCP/UDP destination port option (equal, notequal, greater, less, ignore)
Note: The default is set to ignore.
|
- From the Filters tab, click Insert.
| The Filters, Insert Filters dialog box opens. |
The table below describes the Filter, Insert Filters dialog box items.
Type
|
Source filter, destination filter, global filter.
|
DstAddr
|
Destination IP address.
|
DstMask
|
Destination subnet mask.
|
SrcAddr
|
Source IP address.
|
SrcMask
|
Source subnet mask.
|
Id
|
The filter ID (1 to 4096).
|
Name
|
The IP filter name.
|
ProtocolType
|
The IP protocol type (icmp, tcp, udp).
|
SrcPort (tcp/udp only)
|
The TCP/UDP source port number.
|
SrcOption (tcp/udp only)
|
The TCP/UDP source port option (ignore, equal, less, greater, or not equal).
|
DstPort (tcp/udp only)
|
The TCP/UDP destination port number.
|
DstOption (tcp/udp only)
|
The TCP/UDP destination port option (ignore, equal, less, greater, or not equal).
|
Mirror
|
Set to enable to mirror the packet to the defined mirror port.
|
TcpConnect (tcp only)
|
Set to enable to allow only TCP connections established from within the network or disable to allow bidirectional establishment.
|
Mode
|
This field can be set to useDefaultAction, forward, drop
forwardToNextHop.
|
StopOnMatch
|
Sets the filter to stop on match, the default setting.
|
MatchIcmpRequest
|
Set MatchIcmpRequest to enable if matching on ICMP request packets should be performed.
|
MatchIpFragment
|
Set MatchIpFragment to enable if matching on fragmented IP packets should be performed.
|
EnableStatistic
|
Set EnableStatistic to enable if you want statistics for this filter.
|
NextHopForwardIpAddr (destination/source filter only)
|
Set NextHopForwardIpAddr to apply filter to the next hop.
|
NextHopUnreachableDropEnable (destination/source filter only)
|
Set NextHopUnreachableDropEnable to enable if you want drop action.
|
DiffServMatchDscpEnable
(destination/source filter only)
|
Set to enable to allow a match on the DS field (8 bits), which is composed of the 6-bit DS codepoint (DSCP) and the 2-bit reserved fields.
|
DiffServMatchDscp
|
This field is used to specify the match value for the DSCP. The user must enter a 6-bit binary value, and, by default, the value is 000000. If the DSCP in the incoming packet matches this value, then this filter is applied to the packet.
|
DiffServMatchDscpReserved
|
This field is reserved for future use. The default is a 2-bit binary value of 00 and should not be changed.
|
DiffServModifyIeee8021PEnable
|
Set to enable to allow the IEEE 802.1p field to be modified on packets ingressing DiffServ access ports only. By default, the IEEE 802.1p field is set to zero.
|
DiffServModifyIeee8021P
|
If you do not want the IEEE 802.1p field set to zero, use this field to specify the value of the IEEE 802.1p field. You first must enter a value, set the ModifyIeee8021PEnable field to false, and then set it to true.
|
DiffServModifyDscpEnable
|
Set to enable to allow the DSCP (6 bits) to be modified on packets ingressing DiffServ access ports only. By default, the DS codepoint is set to 000000.
|
DiffServModifyDscp
|
If you do not want the DSCP set to zero, use this field to specify the value of the DSCP. You first must enter a 6-bit value, set the ModifyDscpEnable field to false, and then set it to true.
|
DiffServTrafficProfileId
|
This field is used to specify which traffic profile should be applied to packets matching this filter. A zero value means do not apply any traffic profile.
|
| You can use this dialog box to select the criteria for global filters and DiffServ filters. |
- In the Type field, select Global.
- In the DstAddr field, type the destination IP address (optional).
- In the DstMask field, type the destination subnet mask (optional).
- In the SrcAddr field, type the source IP address (optional).
- In the SrcMask field, type the subnet mask (optional).
- Type the name of the filter (optional).
- Set the ProtocolType: ignore (none), icmp, tcp, or udp (optional).
- Type the source port, and select the source option (equal, not equal, greater, less, or ignore).
| This step is applicable only if a TCP or UDP protocol was selected. |
- Type the destination port, and select the destination option (equal, not equal, greater, less, or ignore).
| This step is applicable only if a TCP or UDP protocol was selected. |
- Set the following parameters (optional):
- In the Mode field, select the mode (useDefaultAction, forward, drop, or forwardToNextHop).
- In the Set StopOnMatch option box, click to enable or disable.
- In the MatchIcmpRequest option box, click to enable if you want matching on ICMP request packets performed.
- In the MatchIpFragment option box, click to enable if you want matching on fragmented IP packets performed.
- In the EnableStatistic option box, click to enable if you want statistics for this filter.
- Select the DiffServModifyIeee8021PEnable option box if you want to modify the IEEE 802.1p field.
|
Note:
When you enable a traffic filter to modify either the DSCP or the IEEE 802.1p bits, the traffic filter also modifies the other value based on the corresponding value in the QoS ingress tables.
|
- If you do not want to use the IEEE 802.1p value automatically assigned based on the QoS Table, you can enter the modify value of the IEEE 802.1p field.
- In the DiffServModifyDscpEnable option box, click to enable if you want to modify the DiffServ codepoint field.
- In the DiffServModifyDscp field, you can type the value of the DiffServ codepoint if you do not want to use the DSCP value automatically assigned based on the QoS Table.
- Specify the DiffServTrafficProfileId of the traffic profile, if any, to be associated with this filter.
- Click Insert.
| The new filter is displayed in the Filters tab. If you changed the DiffServ filter fields, that information is displayed in the DiffServ tab. |
See also