Perle Systems P840 User Manual Page 48

Filtering
In Local Area Networks there may be many different Network and Transport layer protocols that coexist on the same physical
media. TCP/IP, DECNET, and XNS are just a few of the common protocols in use today. Each of these protocols is
encapsulated within an Ethernet frame, and therefore is transparent to the normal bridging function. If you would like to
discriminate against a particular protocol to prevent its use of the bridged LAN facilities, the P840 router provides
programmable filter masks that may be defined to act on any part of the Ethernet frame.
In the examples below, several protocol types and combinations are presented to demonstrate the use of programmable filter
masks to control the protocol traffic between Local Area Network segments. Since there are many possible combinations,
these examples are only representative of some of them.
The Bridge Filter Patterns menu is located under the FILTER SET-UP MENU. Within the Bridge Filter Patterns Menu
there exists a Help function that can be used as a reference during Bridge Filter Pattern creation. This Help function
includes all of the logical operators that may be applied to the mask expression.
Protocol Type Field
Within an Ethernet frame, a protocol field exists at octets 12 and 13. These two octets, or 8-bit bytes, will represent
the type of higher level protocol that exists in the Ethernet frame. There are more than 100 different protocol types
that are defined for use within an Ethernet frame. In many networks there will be fewer than 10 that are in use, but
in many larger networks there may be upwards of 30 or more. This, of course, will depend on the type of equipment
and the applications that are being used within the Local Area Network.
Internet Protocol (IP)
The Internet Protocol (IP) is the most widely used protocol within an Ethernet environment. As a result, there may
be a need to restrict this protocol traffic in one form or another.
Filter all IP Packets
To prevent IP traffic from being passed across the bridged network, a mask must be created that represents this
protocol type. The IP protocol type is 0800H.
Since the protocol field starts at octet location 12, the necessary filter mask to prevent IP traffic from traversing the
bridged network is as follows: 12-0800
The 12 is the offset into the Ethernet frame, the “-” is the argument separator, and the 0800 represents the protocol
type of IP.
In this example, whenever a frame with a protocol type equal to IP is seen on a LAN port for which this filter
mask has been specified, the frame will be filtered.
Note that when you filter on IP frames, all protocols carried over IP will also be filtered. This includes TCP,
UDP, SNMP, etc.
IP, and no more
This example performs just the opposite function to the above example. Only IP packets will be allowed to be
passed across the bridged network.
For this function there must be a way to filter all packets except IP packets. For this the NOT
(“~”) logical operator is used. The NOT operator specifies that the expression has to be FALSE before the frame is
filtered. In other words, only frames that do NOT match the expression will be filtered and discarded.
To create this mask, the following expression is entered: ~(12-0800)
The parentheses simply ensure that the NOT operator will apply to the entire expression.
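The two masks above, 12-0800 and ~(12-0800), can be checked offline against sample frames. The following is an added example, not code from the manual or from Perle: the function names are hypothetical, the offset is assumed to be a decimal octet index, the frames are constructed, and only the mask forms shown in this section (offset-value, NOT, parentheses) are modelled.

```python
import re
import struct

def build_frame(ethertype, payload=b"\x00" * 46):
    """Constructed Ethernet II frame: dst MAC, src MAC, 2-byte type, payload."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + payload

def mask_matches(expr, frame):
    """Return True when the frame satisfies the mask, i.e. would be filtered.

    Handles only the forms shown in this section: OFFSET-HEX, ~, parentheses.
    """
    expr = expr.replace(" ", "")
    if expr.startswith("~"):
        return not mask_matches(expr[1:], frame)
    if expr.startswith("(") and expr.endswith(")"):
        return mask_matches(expr[1:-1], frame)
    m = re.fullmatch(r"(\d+)-((?:[0-9A-Fa-f]{2})+)", expr)
    if m is None:
        raise ValueError(f"unsupported mask expression: {expr!r}")
    offset, pattern = int(m.group(1)), bytes.fromhex(m.group(2))
    # A frame too short to contain the field cannot match the pattern.
    return frame[offset:offset + len(pattern)] == pattern

def bridge(expr, frames):
    """Return the names of the frames that are forwarded (not filtered)."""
    return [name for name, frame in frames if not mask_matches(expr, frame)]

# Constructed sample traffic: one frame per protocol type.
FRAMES = [
    ("ip", build_frame(0x0800)),
    ("arp", build_frame(0x0806)),
    ("decnet", build_frame(0x6003)),
]

if __name__ == "__main__":
    for expr in ("12-0800", "~(12-0800)"):
        print(expr, "forwards", bridge(expr, FRAMES))
```

ARP has its own protocol type (0806H), so in this model ~(12-0800) discards ARP frames along with everything else that is not IP; verify address resolution across the bridge when testing an IP-only mask.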