Filters

The ability to filter packets in a modular and scalable way is important for both network security and network management. Access Control Lists (ACL)s provide the capability to filter packets at a fine granularity. Layer 2 ACLs on EVCs (Ethernet Virtual Connection) is a security feature that allows packet filtering based on MAC addresses.

To access Filters screens, go to Layer 2 Management > Filters.

L2 Unicast Filter Configuration

By default, the tab Unicast Filters displays the L2 Unicast Filter Configuration screen.

Figure 1. L2 Unicast Filter Configuration


Screen Objective This screen allows the user to configure the filter for controlling the Unicast packets that the switch needs to process.
Navigation

Layer 2 Management > Filters > Unicast Filters
Fields
  • FDB ID—select the specific identifier of Forwarding Database identifier (FDBID) to make forwarding decisions.
Note:

FDB ID is mapped to VLAN ID to share filtering information among them, this FDB ID can be created using Layer 2 Management > VLAN > Static VLANs
Fields (cont)
Note: If VLANs are mapped to the FID, this will cause the mapped VLANs to operate in Shared VLAN Learning (SVL) mode. VLANs mapped to a unique FID will operate in Independent VLAN Learning Mode (IVL). A SET operation on this table is allowed only when dot1qFutureVLANLearningMode is hybrid. By default, all VLANs will be mapped to the FID equal to their VLAN ID, when dot1qFutureVLANHybridTypeDefault is IVL.
Note: If the value of dot1qFutureVLANHybridTypeDefault is SVL, all VLANs will be mapped to FDB ID 1 (as shown in the figure above).
  • MAC Address—enter the destination Unicast MAC address of the received packet.
  • Allowed Ports—enter the list of ports to which the received packet (with the above set MAC address a should be forwarded.
  • Status—select the status types for configuring Unicast filter. The list contains:
    • Other—specifies that Unicast filter is used currently, but the conditions under which it will remain in use differ from the following values.
    • Permanent—specifies that entry is allowed to reside even after restart of the switch.
    • DeleteOnReset—specifies that entry is deleted on restart of the switch.
    • DeleteOnTimeout—specifies that entry is deleted on expiry of the aging timer.
Buttons
  • Add—adds and saves new configuration.
  • Reset—resets to default value for respective fields and discards all user inputs.
  • Apply—modifies attributes and saves the changes.
  • Delete—deletes the selected entry

L2 Multicast Filter Configuration

Figure 2. L2 Multicast Filter Configuration


Screen Objective This screen allows the user to configure the filter for controlling the multicast packets that the switch needs to process. A multicast access profile is configured to filter incoming reports that can be commonly utilized by all multicast protocols.
Navigation

Layer 2 Management > Filters > Multicast Filters
Fields
  • VLAN ID—select the VLAN ID from the list of VLANs already created in the system.
Note:

VLAN ID can be created using Layer 2 Management > VLAN > Static VLANs

  • MAC Address—enter the destination Multicast MAC address of the received packet.
  • Allowed Ports—enter the list of ports to which the received packet (with the above set MAC address) should be forwarded.
  • Forbidden Ports—enter the list of ports to which the received packet (with the above set MAC address and if received from the configured port) must not be forwarded.
  • Status—select the status types for configuring Multicast filter. The list contains.
    • Other—specifies that Unicast filter is used currently, but the conditions under which it will remain in use differ from the following values.
    • Permanent—specifies that entry is allowed to reside even after restart of the switch.
    • DeleteOnReset—specifies that entry is deleted on restart of the switch.
    • DeleteOnTimeout—specifies that entry is deleted expiry of the aging time
Buttons
  • Add—adds and saves new configuration.
  • Reset—resets to default value and discards all user inputs.
  • Apply—modifies attributes and saves the changes.
  • Delete—deletes the selected entry

Forward Ports Configuration

Figure 3. Forward Ports Configuration


Screen Objective This screen allows the user to configure the ports for Multicast Forwarding.
Navigation

Layer 2 Management > Filters > Multicast Forwarding
Fields
  • VLAN ID—enter the VLAN ID that represents the specific VLAN. This value ranges from 1 to 4094.
  • Forward All Static—enter the static ports allowing Multicast Forwarding.
  • Forward All Forbidden—enter the forbidden ports denying Multicast Forwarding.
  • Forward Unregistered Static—enter the unregistered static ports Multicast Forwarding.
  • Forward Unregistered Forbidden—enter the unregistered forbidden ports denying Multicast Forwarding.
  • Forward All Ports—displays the static ports as well as forward and learnt ports.
  • Forward All Static Ports—displays the static ports allowing Multicast Forwarding.
  • Forward All Forbidden Ports—displays the forbidden ports denying Multicast Forwarding.
Fields (cont)
  • Forward Unregistered Ports—displays all forward unregistered forbidden ports denying Multicast Forwarding.
  • Forward Unregistered Static Ports—displays the unregistered static ports denying Multicast Forwarding.
  • Forward Unregistered Forbidden Ports—displays the unregistered forbidden ports denying Multicast Forwarding.
Buttons
  • Add—adds and saves new configuration.
  • Reset—resets to default value and discards all user inputs.
  • Apply—modifies attributes and saves the changes.