Configuring Port Filtering

Parent topic: VLAN Configuration

Configuring Acceptable Frame Type

It is possible to configure an acceptable frame type for a port as one of the following:

  • All frames
  • Tagged frames
  • Untagged and priority tagged frames
  1. Execute the following commands to configure the acceptable frame type for the port.
    perform the following:
    • Enter the Global Configuration Mode.
    iS5comm# configure terminal
    • Enter the Interface Configuration Mode.
    iS5comm(config)# interface gigabitethernet 0/2
    • Configure the acceptable frame type for the port.
    iS5comm(config-if)# switchport acceptable-frame-type tagged
    • Exit from the Interface Configuration Mode
    iS5comm(config-if)# end
  2. View the configuration information by executing the following show command 
    vlan port config port gigabitethernet 0/2
    vlan Port configuration table
    -------------------------------
    Port Gi0/2
    Bridge Port Type                    : Customer Bridge Port
    Port Vlan ID                        : 10
    Port Acceptable Frame Type          : Admit Only Vlan Tagged
    Port Mac Learning Status            : Enabled
    Port Ingress Filtering              : Enabled
    Port Mode                           : Hybrid
    Port Gvrp Status                    : Disabled
    Port Gmrp Status                    : Disabled
    Port Gvrp Failed Registrations      : 0
    Gvrp last pdu origin                : 00:00:00:00:00:00
    Port Restricted Vlan Registration   : Disabled
    Port Restricted Group Registration  : Disabled
    Mac Based Support                   : Disabled
    Subnet Based Support                : Disabled
    Port-and-Protocol Based Support     : Enabled
    Default Priority                    : 0
    Filtering Utility Criteria          : Default
    Port Protected Status               : Disabled
    Ingress EtherType                   : 0x8100
    Egress EtherType                    : 0x8100
    Egress TPID Type                    : Portbased
    Allowable TPID 1                    : 0x0
    Allowable TPID 2                    : 0x0
    Allowable TPID 3                    : 0x0
    Reflection Status                   : Disabled
    -------------------------------------------------------
    Note:
    When set to “tagged”, the device will discard untagged and priority tagged frames received on the port and will “admit only VLAN tagged” frames.

Mapping Priority to Traffic Class

Enabling ingress filtering on a port does not allow frames for a VLAN from a port that is not the member port of that particular VLAN.

  1. Execute the following commands to enable ingress filtering on a port.
    perform the following:
    • Enter the Global Configuration Mode.
    iS5comm# configure terminal
    • Enter the Interface Configuration Mode.
    iS5comm(config)# interface gigabitethernet 0/1
    • Enable ingress filtering for that interface.
    iS5comm(config-if)# switchport ingress-filter
    • Exit from the Interface Configuration Mode
    iS5comm(config-if)# end
  2. View the configuration information by executing the following show command - Port Ingress Filtering is set to enabled. 
    show vlan config port gigabitethernet 0/1
    Vlan Port configuration table
    -------------------------------
    Port Gi0/1
    Bridge Port Type                    : Customer Bridge Port
    Port Vlan ID                        : 1
    Port Acceptable Frame Type          : Admit All
    Port Mac Learning Status            : Enabled
    Port Ingress Filtering              : Enabled
    Port Mode                           : Hybrid
    Port Gvrp Status                    : Disabled
    Port Gmrp Status                    : Disabled
    Port Gvrp Failed Registrations      : 0
    Gvrp last pdu origin                : 00:00:00:00:00:00
    Port Restricted Vlan Registration   : Disabled
    Port Restricted Group Registration  : Disabled
    Mac Based Support                   : Disabled
    Subnet Based Support                : Disabled
    Port-and-Protocol Based Support     : Enabled
    Default Priority                    : 0
    Filtering Utility Criteria          : Default
    Port Protected Status               : Disabled
    Ingress EtherType                   : 0x8100
    Egress EtherType                    : 0x8100
    Egress TPID Type                    : Portbased
    Allowable TPID 1                    : 0x0
    Allowable TPID 2                    : 0x0
    Allowable TPID 3                    : 0x0
    Reflection Status                   : Disabled
    -------------------------------------------------------

Configuring Filtering Utility Criteria

Filtering Utility Criteria can be configured as Default or Enhanced. By default, the Filtering Utility Criteria will be selected as Default.
  1. Execute the following commands to change the Filtering Utility Criteria on a port.
    perform the following:
    • Enter the Global Configuration Mode.
    iS5comm# configure terminal
    • Enter the Interface Configuration Mode.
    iS5comm(config)# interface gigabitethernet 0/1
    • Enable ingress filtering for that interface.
    iS5comm(config-if)# switchport filtering-utility-criteria enhanced
    • Exit from the Interface Configuration Mode
    iS5comm(config-if)# end
  2. View the configuration information by executing the following show command - the Filtering Utility Criteria is set to enhanced. 
    show vlan config port gigabitethernet 0/1
    Vlan Port configuration table
    -------------------------------
    Port Gi0/1
    Bridge Port Type                    : Customer Bridge Port
    Port Vlan ID                        : 1
    Port Acceptable Frame Type          : Admit All
    Port Mac Learning Status            : Enabled
    Port Ingress Filtering              : Enabled
    Port Mode                           : Hybrid
    Port Gvrp Status                    : Disabled
    Port Gmrp Status                    : Disabled
    Port Gvrp Failed Registrations      : 0
    Gvrp last pdu origin                : 00:00:00:00:00:00
    Port Restricted Vlan Registration   : Disabled
    Port Restricted Group Registration  : Disabled
    Mac Based Support                   : Disabled
    Subnet Based Support                : Disabled
    Port-and-Protocol Based Support     : Enabled
    Default Priority                    : 0
    Filtering Utility Criteria          : Enhanced
    Port Protected Status               : Disabled
    Ingress EtherType                   : 0x8100
    Egress EtherType                    : 0x8100
    Egress TPID Type                    : Portbased
    Allowable TPID 1                    : 0x0
    Allowable TPID 2                    : 0x0
    Allowable TPID 3                    : 0x0
    Reflection Status                   : Disabled
    -------------------------------------------------------