All rights reserved. Printed in the USA. September 1999.
The information in this document is subject to change without notice. The statements, configurations, technical data,
and recommendations in this document are believed to be accurate and reliable, but are presented without express or
implied warranty. Users must take full responsibility for their applications of any products specified in this document.
The information in this document is proprietary to Nortel Networks NA Inc.
The software described in this document is furnished under a license agreement and may only be used in accordance
with the terms of that license. A summary of the Software License is included in this document.
Trademarks
NORTEL NETWORKS is a trademark of Nortel Networks.
Bay Networks, AN, BCN, BLN, BN, FRE, LN, Optivity and PPX are registered trademarks and Advanced Remote
Node, ANH, ARN, ASN, BayRS, BaySecure, BayStack, BayStream, BCC, and System 5000 are trademarks of Nortel
Networks.
Microsoft, MS, MS-DOS, Win32, Windows, and Windows NT are registered trademarks of Microsoft Corporation.
All other trademarks and registered trademarks are the property of their respective owners.
Restricted Rights Legend
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer
software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in
the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, Nortel Networks NA Inc. reserves
the right to make changes to the products described in this document without notice.
Nortel Networks NA Inc. does not assume any liability that may occur due to the use or application of the product(s)
or circuit layout(s) described herein.
SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
In addition, the program and information contained herein are licensed only pursuant to a license agreement that
contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed
by third parties).
308645-14.00 Rev 00
Nortel Networks NA Inc. Software License Agreement
NOTICE: Please carefully read this license agreement before copying or using the accompanying software or
installing the hardware unit with pre-enabled software (each of which is referred to as “Software” in this Agreement).
BY COPYING OR USING THE SOFTWARE, YOU ACCEPT ALL OF THE TERMS AND CONDITIONS OF
THIS LICENSE AGREEMENT. THE TERMS EXPRESSED IN THIS AGREEMENT ARE THE ONLY TERMS
UNDER WHICH NORTEL NETWORKS WILL PERMIT YOU TO USE THE SOFTWARE. If you do not accept
these terms and conditions, return the product, unused and in the original shipping container, within 30 days of
purchase to obtain a credit for the full purchase price.
1. License Grant. Nortel Networks NA Inc. (“Nortel Networks”) grants the end user of the Software (“Licensee”) a
personal, nonexclusive, nontransferable license: a) to use the Software either on a single computer or, if applicable, on
a single authorized device identified by host ID, for which it was originally acquired; b) to copy the Software solely
for backup purposes in support of authorized use of the Software; and c) to use and copy the associated user manual
solely in support of authorized use of the Software by Licensee. This license applies to the Software only and does not
extend to Nortel Networks Agent software or other Nortel Networks software products. Nortel Networks Agent
software or other Nortel Networks software products are licensed for use under the terms of the applicable Nortel
Networks NA Inc. Software License Agreement that accompanies such software and upon payment by the end user of
the applicable license fees for such software.
2. Restrictions on use; reservation of rights. The Software and user manuals are protected under copyright laws.
Nortel Networks and/or its licensors retain all title and ownership in both the Software and user manuals, including
any revisions made by Nortel Networks or its licensors. The copyright notice must be reproduced and included with
any copy of any portion of the Software or user manuals. Licensee may not modify, translate, decompile, disassemble,
use for any competitive analysis, reverse engineer, distribute, or create derivative works from the Software or user
manuals or any copy, in whole or in part. Except as expressly provided in this Agreement, Licensee may not copy or
transfer the Software or user manuals, in whole or in part. The Software and user manuals embody Nortel Networks’
and its licensors’ confidential and proprietary intellectual property. Licensee shall not sublicense, assign, or otherwise
disclose to any third party the Software, or any information about the operation, design, performance, or
implementation of the Software and user manuals that is confidential to Nortel Networks and its licensors; however,
Licensee may grant permission to its consultants, subcontractors, and agents to use the Software at Licensee’s facility,
provided they have agreed to use the Software only in accordance with the terms of this license.
3. Limited warranty. Nortel Networks warrants each item of Software, as delivered by Nortel Networks and properly
installed and operated on Nortel Networks hardware or other equipment it is originally licensed for, to function
substantially as described in its accompanying user manual during its warranty period, which begins on the date
Software is first shipped to Licensee. If any item of Software fails to so function during its warranty period, as the sole
remedy Nortel Networks will at its discretion provide a suitable fix, patch, or workaround for the problem that may be
included in a future Software release. Nortel Networks further warrants to Licensee that the media on which the
Software is provided will be free from defects in materials and workmanship under normal use for a period of 90 days
from the date Software is first shipped to Licensee. Nortel Networks will replace defective media at no charge if it is
returned to Nortel Networks during the warranty period along with proof of the date of shipment. This warranty does
not apply if the media has been damaged as a result of accident, misuse, or abuse. The Licensee assumes all
responsibility for selection of the Software to achieve Licensee’s intended results and for the installation, use, and
results obtained from the Software. Nortel Networks does not warrant a) that the functions contained in the software
will meet the Licensee’s requirements, b) that the Software will operate in the hardware or software combinations that
the Licensee may select, c) that the operation of the Software will be uninterrupted or error free, or d) that all defects
in the operation of the Software will be corrected. Nortel Networks is not obligated to remedy any Software defect that
cannot be reproduced with the latest Software release. These warranties do not apply to the Software if it has been (i)
altered, except by Nortel Networks or in accordance with its instructions; (ii) used in conjunction with another
vendor’s product, resulting in the defect; or (iii) damaged by improper environment, abuse, misuse, accident, or
negligence. THE FOREGOING WARRANTIES AND LIMITATIONS ARE EXCLUSIVE REMEDIES AND ARE
IN LIEU OF ALL OTHER WARRANTIES EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY
WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Licensee is responsible
for the security of its own data and information and for maintaining adequate procedures apart from the Software to
reconstruct lost or altered files, data, or programs.
4. Limitation of liability. IN NO EVENT WILL NORTEL NETWORKS OR ITS LICENSORS BE LIABLE FOR
ANY COST OF SUBSTITUTE PROCUREMENT; SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES; OR ANY DAMAGES RESULTING FROM INACCURATE OR LOST DATA OR LOSS OF USE OR
PROFITS ARISING OUT OF OR IN CONNECTION WITH THE PERFORMANCE OF THE SOFTWARE, EVEN
IF NORTEL NETWORKS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT
SHALL THE LIABILITY OF NORTEL NETWORKS RELATING TO THE SOFTWARE OR THIS AGREEMENT
EXCEED THE PRICE PAID TO NORTEL NETWORKS FOR THE SOFTWARE LICENSE.
5. Government Licensees. This provision applies to all Software and documentation acquired directly or indirectly by
or on behalf of the United States Government. The Software and documentation are commercial products, licensed on
the open market at market prices, and were developed entirely at private expense and without the use of any U.S.
Government funds. The license to the U.S. Government is granted only with restricted rights, and use, duplication, or
disclosure by the U.S. Government is subject to the restrictions set forth in subparagraph (c)(1) of the Commercial
Computer Software––Restricted Rights clause of FAR 52.227-19 and the limitations set out in this license for civilian
agencies, and subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause of DFARS
252.227-7013, for agencies of the Department of Defense or their successors, whichever is applicable.
6. Use of Software in the European Community. This provision applies to all Software acquired for use within the
European Community. If Licensee uses the Software within a country in the European Community, the Software
Directive enacted by the Council of European Communities Directive dated 14 May, 1991, will apply to the
examination of the Software to facilitate interoperability. Licensee agrees to notify Nortel Networks of any such
intended examination of the Software and may procure support and assistance from Nortel Networks.
7. Term and termination. This license is effective until terminated; however, all of the restrictions with respect to
Nortel Networks’ copyright in the Software and user manuals will cease being effective at the date of expiration of the
Nortel Networks copyright; those restrictions relating to use and disclosure of Nortel Networks’ confidential
information shall continue in effect. Licensee may terminate this license at any time. The license will automatically
terminate if Licensee fails to comply with any of the terms and conditions of the license. Upon termination for any
reason, Licensee will immediately destroy or return to Nortel Networks the Software, user manuals, and all copies.
Nortel Networks is not liable to Licensee for damages in any form solely by reason of the termination of this license.
8. Export and Re-export. Licensee agrees not to export, directly or indirectly, the Software or related technical data
or information without first obtaining any required export licenses or other governmental approvals. Without limiting
the foregoing, Licensee, on behalf of itself and its subsidiaries and affiliates, agrees that it will not, without first
obtaining all export licenses and approvals required by the U.S. Government: (i) export, re-export, transfer, or divert
any such Software or technical data, or any direct product thereof, to any country to which such exports or re-exports
are restricted or embargoed under United States export control laws and regulations, or to any national or resident of
such restricted or embargoed countries; or (ii) provide the Software or related technical data or information to any
military end user or for any military end use, including the design, development, or production of any chemical,
nuclear, or biological weapons.
9. General. If any provision of this Agreement is held to be invalid or unenforceable by a court of competent
jurisdiction, the remainder of the provisions of this Agreement shall remain in full force and effect. This Agreement
will be governed by the laws of the state of California.
Should you have any questions concerning this Agreement, contact Nortel Networks, 4401 Great America Parkway,
P.O. Box 58185, Santa Clara, California 95054-8185.
LICENSEE ACKNOWLEDGES THAT LICENSEE HAS READ THIS AGREEMENT, UNDERSTANDS IT, AND
AGREES TO BE BOUND BY ITS TERMS AND CONDITIONS. LICENSEE FURTHER AGREES THAT THIS
AGREEMENT IS THE ENTIRE AND EXCLUSIVE AGREEMENT BETWEEN NORTEL NETWORKS AND
LICENSEE, WHICH SUPERSEDES ALL PRIOR ORAL AND WRITTEN AGREEMENTS AND
COMMUNICATIONS BETWEEN THE PARTIES PERTAINING TO THE SUBJECT MATTER OF THIS
AGREEMENT. NO DIFFERENT OR ADDITIONAL TERMS WILL BE ENFORCEABLE AGAINST NORTEL
NETWORKS UNLESS NORTEL NETWORKS GIVES ITS EXPRESS WRITTEN CONSENT, INCLUDING AN
EXPRESS WAIVER OF THE TERMS OF THIS AGREEMENT.
Preface
This guide describes how to configure traffic filters and prioritize traffic on a
Nortel Networks™ router.
You can use Site Manager to configure traffic filters on a router. You can use the
Bay Command Console (BCC™) to configure IP inbound traffic filters on a router.
Before You Begin
Before using this guide, you must complete the following procedures. For a new
router:
•Install the router (see the installation guide that came with your router).
•Connect the router to the network and create a pilot configuration file (see
Quick-Starting Routers, Configuring BayStack Remote Access, or Connecting
ASN Routers to a Network).
Make sure that you are running the latest version of Nortel Networks BayRS™ and
Site Manager software. For information about upgrading BayRS and Site
Manager, see the upgrading guide for your version of BayRS.
Configuring Traffic Filters and Protocol Prioritization
Text Conventions
This guide uses the following text conventions:

angle brackets (< >): Indicate that you choose the text to enter based on the
description inside the brackets. Do not type the brackets when entering the command.
Example: If the command syntax is: ping <ip_address>, you enter: ping 192.32.10.12

bold text: Indicates command names and options and text that you need to enter.
Example: Enter show ip {alerts | routes}.
Example: Use the dinfo command.

braces ({}): Indicate required elements in syntax descriptions where there is more
than one option. You must choose only one of the options. Do not type the braces when
entering the command.
Example: If the command syntax is: show ip {alerts | routes}, you must enter either:
show ip alerts or show ip routes, but not both.

brackets ([ ]): Indicate optional elements in syntax descriptions. Do not type the
brackets when entering the command.
Example: If the command syntax is: show ip interfaces [-alerts], you can enter either:
show ip interfaces or show ip interfaces -alerts.

ellipsis points (. . . ): Indicate that you repeat the last element of the command as
needed.
Example: If the command syntax is: ethernet/2/1 [<parameter> <value>] . . . , you enter
ethernet/2/1 and as many parameter-value pairs as needed.

italic text: Indicates file and directory names, new terms, book titles, and variables
in command syntax descriptions. Where a variable is two or more words, the words are
connected by an underscore.
Example: If the command syntax is: show at <valid_route>, valid_route is one variable
and you substitute one value for it.

screen text: Indicates system output, for example, prompts and system messages.
Example: Set Trap Monitor Filters

separator ( > ): Shows menu paths.
Example: Protocols > IP identifies the IP option on the Protocols menu.

vertical line ( | ): Separates choices for command keywords and arguments. Enter only
one of the choices. Do not type the vertical line when entering the command.
Example: If the command syntax is: show ip {alerts | routes}, you enter either:
show ip alerts or show ip routes, but not both.

Acronyms
ANSI      American National Standards Institute
APPN      Advanced Peer-to-Peer Networking
ARP       Address Resolution Protocol
ATM       Asynchronous Transfer Mode
CCITT     International Telegraph and Telephone Consultative Committee (now ITU-T)
CLNP      Connectionless Network Protocol
CSMA/CD   carrier sense multiple access/collision detection
DE        discard eligible
DLC       data link control
DLCI      data link connection identifier
DLCMI     Data Link Control Management Interface
DLSw      data link switching
DSAP      destination service access point
FDDI      Fiber Distributed Data Interface
FTP       File Transfer Protocol
HDLC      high-level data link control
HSSI      high-speed serial interface
ICMP      Internet Control Message Protocol
IP        Internet Protocol
IPX       Internet Packet Exchange
ISDN      Integrated Services Digital Network
ISO       International Organization for Standardization
ITU-T     International Telecommunications Union–Telecommunications sector (formerly CCITT)
LAN       local area network
LAT       Local Area Transport
LLC       Logical Link Control
LNM       LAN Network Manager
MAC       media access control
MCE1      multichannel E1
MCT1      multichannel T1
MSB       most significant bit
NLPID     network layer protocol ID
OSI       Open Systems Interconnection
OSPF      Open Shortest Path First (protocol)
PPP       Point-to-Point Protocol
PRI       primary rate interface
RIF       routing information field
RII       routing information indicator
RIP       Routing Information Protocol
SAP       service access point
SDLC      Synchronous Data Link Control
SMDS      switched multimegabit data service
SNA       Systems Network Architecture
SNAP      Subnetwork Access Protocol
SNMP      Simple Network Management Protocol
SRB       source routing bridge
SSAP      source service access point
STP       shielded twisted pair
TCP/IP    Transmission Control Protocol/Internet Protocol
Telnet    Telecommunication network
TFTP      Trivial File Transfer Protocol
UDP       User Datagram Protocol
UTP       unshielded twisted pair
VINES     Virtual Network Systems
WAN       wide area network
XNS       Xerox Network System
Hard-Copy Technical Manuals
You can print selected technical manuals and release notes free, directly from the
Internet. Go to support.baynetworks.com/library/tpubs/. Find the product for
which you need documentation. Then locate the specific category and model or
version for your hardware or software product. Using Adobe Acrobat Reader, you
can open the manuals and release notes, search for the sections you need, and print
them on most standard printers. You can download Acrobat Reader free from the
Adobe Systems Web site, www.adobe.com.
You can purchase selected documentation sets, CDs, and technical publications
through the collateral catalog. The catalog is located on the World Wide Web at
support.baynetworks.com/catalog.html and is divided into sections arranged
alphabetically:
•The “CD ROMs” section lists available CDs.
•The “Guides/Books” section lists books on technical topics.
•The “Technical Manuals” section lists available printed documentation sets.
How to Get Help
If you purchased a service contract for your Nortel Networks product from a
distributor or authorized reseller, contact the technical support staff for that
distributor or reseller for assistance.
If you purchased a Nortel Networks service program, contact one of the following
Nortel Networks Technical Solutions Centers:
Technical Solutions Center    Telephone Number
Billerica, MA                 800-2LANWAN (800-252-6926)
Santa Clara, CA               800-2LANWAN (800-252-6926)
Valbonne, France              33-4-92-96-69-68
Sydney, Australia             61-2-9927-8800
Tokyo, Japan                  81-3-5402-7041
Chapter 1
Using Traffic Filters
This chapter describes concepts and terms to help you understand and plan for
traffic filter configurations on Nortel Networks routers.
Topic
•What Are Traffic Filters?
•What Is Protocol Prioritization?
•Filtering Strategies
•Traffic Filter Components
•Using Filter Templates
•Summary of Traffic Filter Support
What Are Traffic Filters?
Traffic filters are router files that instruct an interface to selectively handle
specified network traffic (packets, frames, or datagrams). You determine which
packets receive special handling based on information fields in the packet headers.
Using traffic filters, you can reduce network congestion and control access to
network resources by blocking, forwarding, logging, or prioritizing specified
traffic on an interface.
Note:
Do not confuse traffic filters with other router filters. Traffic filters help
you manage customer traffic. Routing filters help you manage routing control
traffic (such as route table updates).
Nortel Networks routers support two types of traffic filters:
•Inbound traffic filters act on packets that the router is receiving.
•Outbound traffic filters act on packets that the router is forwarding.
You can create traffic filters on the following router interfaces:
•Ethernet (10BASE-T and 100BASE-T)
•FDDI
•HSSI
•MCE1
•MCT1
•Synchronous
•Token ring
You can apply multiple traffic filters to a single interface. When more than one
filter applies to a packet, the order of filters determines the filtering result.
Inbound Traffic Filters
Inbound traffic filters act on packets arriving at a particular router interface. Most
sites use inbound traffic filters primarily for security, to restrict access to nodes in
a network.
When you configure inbound traffic filters, you specify a set of conditions that
apply to the traffic of a particular bridging or routing protocol. The Configuration
Manager supports inbound traffic filters for the following protocols:
Chapter 3 provides protocol-specific information for designing inbound traffic
filters. Chapter 6 explains how to use the Configuration Manager to apply inbound
traffic filters.
Outbound Traffic Filters
Outbound traffic filters act on packets that the router forwards to a local area
network (LAN) or wide area network (WAN) through a particular interface. Most
sites use outbound traffic filters to ensure timely delivery of critical data, or to
restrict traffic leaving the local network.
Outbound traffic filters are not based on a routing protocol, as are inbound traffic
filters. When you configure outbound traffic filters, you specify a set of conditions
that apply to the following packet headers:
•Data link control (DLC) header
•IP header
To use outbound traffic filters, you must select Protocol Priority as one of the
configured protocols on an interface. Protocol Priority is enabled by default on
circuits configured with Frame Relay or PPP. Otherwise, you must enable
Protocol Priority the first time you configure outbound traffic filters on an
interface.
Chapter 4 provides information for designing outbound traffic filters. Chapter 7
explains how to use the Configuration Manager to enable Protocol Priority and
apply outbound traffic filters.
What Is Protocol Prioritization?
Protocol prioritization is an outbound traffic filter mechanism.
With Protocol Priority enabled on an interface, the router sorts traffic into
prioritized delivery queues (High, Normal, and Low), called priority queues.
Priority queues affect the sequence in which data leaves an interface; they do not
affect traffic as it arrives at the router. You use outbound traffic filters to specify
how traffic is sorted into priority queues. By default, all outbound traffic goes to
the Normal queue.
See Chapter 2 to learn more about priority queuing and dequeuing.
Filtering Strategies
This section recommends ways you might use traffic filters in a network. See
Appendix B for specific examples.
Direct Traffic
You can create traffic filters that affect a particular protocol’s traffic. For example,
you can forward all IP traffic to a next-hop address. You can also create traffic
filters that affect certain locations on a bridged network. For example, if you want
all traffic from a node with a particular source MAC address (perhaps an
application server) to take precedence over other traffic, you can use protocol
prioritization to assign a high priority to any traffic with that source address.
Drop or Accept Traffic
You can configure a router interface to accept only specified traffic and drop all
other packets by configuring inbound traffic filters with specific accept criteria.
Or, to accept most traffic and drop only specified packets, you can configure
inbound traffic filters for the traffic you want to drop.
For example, to prevent all NetBIOS traffic from entering a particular LAN
segment, you can create an inbound traffic filter to drop all packets with a
destination or source SAP code of F0.
Note:
Drop filters are generally more efficient than Accept filters.
Prioritize Traffic
You can use protocol prioritization to expedite traffic coming from a particular
source or going to a particular destination.
When a router treats all packets equally, there is no way to ensure consistent
network services for users who are working with real-time applications. Bulk
transfer applications use too much of the available bandwidth and reduce
interactive response time. These problems are especially noticeable on low-speed
WAN interfaces.
You can also improve application response time and prevent session timeouts by
implementing protocol prioritization.
Combine Filters
On most interfaces, you can apply as many as 31 inbound and 31 outbound traffic
filters for each protocol. You can configure IP interfaces to support as many as 127
inbound traffic filters.
As you add filters to an interface, the Configuration Manager numbers them
chronologically (Filter No. 1, Filter No. 2, Filter No. 3, and so on). The filter rule
number determines the filter’s precedence. Lower numbers have higher
precedence; Filter No. 1 has the highest precedence. If a packet matches two
filters, the filter with the highest precedence (lowest number) applies.
After you create traffic filters, you can change their precedence by reordering
them. See “Changing Inbound Traffic Filter Precedence” on page 6-18 (inbound
traffic filters) or “Changing Outbound Traffic Filter Precedence” on page 7-21
(outbound traffic filters).
Build a Firewall
If your filtering strategy involves blocking most or all inbound traffic (a firewall),
you can create a Drop-all filter for each protocol on the interface. That means for
each protocol you are filtering, you choose a filter criterion that appears in every
packet of the protocol (for example, a MAC address).
You can also create exceptions to the Drop-all filter by adding more-specific,
higher-precedence filters to allow only specified traffic on an interface. See
“Using a Drop-All Filter As a Firewall” on page B-12 for more information about
combining filters to accept certain traffic.
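The precedence rule and the Drop-all firewall described above, modelled in Python as an added example (not Site Manager or BayRS code). The packet field name src_ip, the addresses, and the forwarding of unmatched packets are assumptions. It shows why an exception created after the Drop-all filter has no effect until it is reordered above it.

```python
import ipaddress
from dataclasses import dataclass


def ip(addr: str) -> int:
    """Dotted-quad string to integer, so address ranges compare numerically."""
    return int(ipaddress.IPv4Address(addr))


@dataclass
class Filter:
    name: str
    criterion: str   # header field examined (hypothetical key into the packet dict)
    ranges: list     # [(minimum, maximum), ...], inclusive
    action: str      # "Accept" or "Drop"

    def matches(self, packet: dict) -> bool:
        value = packet.get(self.criterion)
        return value is not None and any(lo <= value <= hi for lo, hi in self.ranges)


class Interface:
    """Filters for one protocol on one interface; list index + 1 is the Filter No."""

    def __init__(self):
        self.filters = []

    def add(self, flt: Filter) -> int:
        # New filters are numbered in creation order, so they land at the bottom.
        self.filters.append(flt)
        return len(self.filters)

    def reorder(self, number: int, new_number: int) -> None:
        # Models changing a filter's precedence after it has been created.
        self.filters.insert(new_number - 1, self.filters.pop(number - 1))

    def evaluate(self, packet: dict):
        # The lowest-numbered matching filter applies.
        for number, flt in enumerate(self.filters, start=1):
            if flt.matches(packet):
                return number, flt.action
        # Assumption: a packet that matches no filter is handled normally.
        return None, "Accept"

    def shadowed(self) -> list:
        """Names of filters that can never apply because a higher-precedence
        filter on the same criterion already covers every one of their ranges."""
        hidden = []
        for i, low in enumerate(self.filters):
            for high in self.filters[:i]:
                if high.criterion == low.criterion and all(
                    any(hlo <= lo and hi <= hhi for hlo, hhi in high.ranges)
                    for lo, hi in low.ranges
                ):
                    hidden.append(low.name)
                    break
        return hidden


# Constructed sample ranges (documentation address space).
ANY_IP = [(ip("0.0.0.0"), ip("255.255.255.255"))]
MGMT = [(ip("192.0.2.10"), ip("192.0.2.20"))]


def firewall_demo() -> dict:
    iface = Interface()
    iface.add(Filter("drop-all", "src_ip", ANY_IP, "Drop"))      # Filter No. 1
    iface.add(Filter("allow-mgmt", "src_ip", MGMT, "Accept"))    # Filter No. 2
    mgmt_host = {"src_ip": ip("192.0.2.15")}
    outsider = {"src_ip": ip("198.51.100.7")}

    results = {
        "before": iface.evaluate(mgmt_host),        # exception is never reached
        "shadowed_before": iface.shadowed(),
    }
    iface.reorder(2, 1)                             # move the exception above Drop-all
    results["after"] = iface.evaluate(mgmt_host)
    results["outsider"] = iface.evaluate(outsider)
    results["shadowed_after"] = iface.shadowed()
    return results


if __name__ == "__main__":
    for key, value in firewall_demo().items():
        print(key, value)
```

Running shadowed() over a planned filter list before applying it catches exceptions that were added in the wrong order.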
Traffic Filter Components
The Configuration Manager creates traffic filters from template files that contain
filtering information. Traffic filter templates consist of three components:
•Criteria
The portion of the incoming packet, frame, or datagram header to be
examined
•Ranges
Numeric values (often addresses) to be compared with the contents of
examined packets
•Actions
What happens to packets that match the criteria and ranges specified in a filter
To create a traffic filter, you apply a filter template to a particular router interface.
Table 1-5 (at the end of this chapter) summarizes the inbound and outbound traffic
filter criteria and actions supported on specific interfaces.
Criteria
A filter criterion is the portion of a packet, frame, or datagram header to be
examined. You can break down any packet into at least three components:
•The DLC (or data link) header. Examples of data link header types include:
--Token ring (802.5)
--Ethernet V.2 and IEEE 802.3
--FDDI
--PPP and Nortel Networks Standard
--Frame Relay
•The upper-level protocol header. Examples of protocol header types include:
--IP and TCP
--Source route bridging (SRB)
--DLSw
•User data
A traffic filter criterion is defined by a byte length and an offset from common bit
patterns (reference points) in the data link or protocol header. The criterion
includes the length of the filtered pattern and an offset from the known reference
point. The traffic filter uses this information to locate which portion of a packet to
examine.
For bridged traffic, predefined criteria are part of the data link header. For routed
traffic, a predefined criterion can be part of the data link header or an upper-level
protocol header.
Inbound traffic filter criteria use reference points in the upper-level protocol
header. You select inbound criteria based on the protocol of the incoming traffic.
Outbound traffic filters use reference points in only the IP or DLSw protocol
headers. You select outbound criteria based on the WAN protocol configured on
the interface (transparent bridge, SRB, PPP, or Frame Relay).
Predefined and User-Defined Criteria
The Configuration Manager provides a selection of default filter criteria
(predefined criteria) for both inbound and outbound traffic filters. Predefined
criteria consist of predefined offsets and lengths from common reference points.
You can also define a criterion based on bit patterns in a packet header that are not
supported in predefined criteria (user-defined criteria). To apply user-defined
criteria, you specify the bit length and offset from a supported reference point.
Chapter 3 lists the supported reference points for inbound traffic filters. lists the
reference points for outbound traffic filters.
To fit your site’s traffic patterns, you can use a combination of predefined and
user-defined criteria in up to 32 traffic filters on each interface.
Predefined Criteria
Table 1-1 summarizes the predefined inbound traffic filter criteria for supported
methods: Ethernet, 802.2 LLC, Novell Proprietary, 802.2 LLC with SNAP)
•MAC Address (Source or Destination)
•Ethernet Type
•Novell
•802.2 LLC Length
•802.2 LLC DSAP
•802.2 LLC SSAP
•802.2 LLC Control
•802.2 SNAP Length
•802.2 SNAP Protocol ID
•802.2 SNAP Ethernet Type

SRB (Native only; IP-encapsulated SRB is not supported)
•MAC Address (Source or Destination)
•DSAP
•SSAP
•NetBIOS Name (Source or Destination)

DECnet Phase IV
•Area (Source or Destination)
•Node (Source or Destination)

DLSw
•MAC Address (Source or Destination)
•DSAP
•SSAP

IP
•Type of Service
•IP Address (Source or Destination)
•UDP Port (Source and/or Destination)
•TCP Port (Source and/or Destination)
•UDP or TCP Source Port
•UDP or TCP Destination Port
•Established TCP Protocols
•Protocol Type

IPX
•Network (Source or Destination)
•Host Address (Source or Destination)
•Socket (Source or Destination)

OSI
•OSI Area (Source or Destination)

Header / Traffic Type: Predefined Outbound Filter Criteria
Data link header / Transparent bridge (Data Link Type): MAC Address (Source or Destination); Ethernet Type; Novell; 802.2 Length; 802.2 DSAP; 802.2 SSAP; 802.2 Control; 802.2 SNAP Length; 802.2 SNAP Protocol ID; 802.2 SNAP Ethernet Type
Data link header / Native SRB: SSAP; DSAP; Destination Address; Source Address
Data link header / PPP: Protocol ID
Data link header / Frame Relay: 2-byte DLCI; 3-byte DLCI; 4-byte DLCI; NLPID; Ethernet Type
IP header / IP: Type of Service; Priority_IP Address (Source and/or Destination); UDP Port (Source and/or Destination); TCP Port (Source and/or Destination); Established TCP; Protocol Type
User-Defined Criteria
To apply customized criteria that use fields that are not represented in a protocol’s
predefined criteria, you can create a user-defined criterion. You specify its
location in the packet header by specifying the following:
•Reference point
A known bit position in the packet header
•Offset
The first position of the filtered bit pattern in relation to the reference point
(measured in bits)
•Length
The total bit length of the filtered pattern
Ranges
Using Traffic Filters
For each traffic filter criterion, you also specify the valid range, a series of target
values that apply to the criterion. For most criteria, you specify an address range.
There must be at least one target value for each criterion. The range can be just
one value or a set of values.
You enter a minimum and a maximum value to specify the range. For a range of
only one value, you enter only the minimum value; the Configuration Manager
automatically uses that value for both the minimum and maximum value.
For example, if the filter criteria is MAC Source Address, you must specify which
addresses you want the filter to examine. If you specify 0x0000A2000001 as the
minimum range value and 0x0000A2000003 as the maximum range value, the
router checks for packets with a MAC source address between 0x0000A2000001
and 0x0000A2000003, inclusive.
Note:
Chapter 5 lists valid ranges for common traffic filter criteria and
explains how to specify some common address ranges.
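The following Python sketch is an added example, not code from the router software or from Site Manager. It models a criterion as a reference point, bit offset, bit length, and a list of inclusive ranges, and evaluates it against constructed Ethernet frames. The names extract_bits, Criterion, and eth_frame are hypothetical; the MAC range is the one used in the example above, and a range with only a minimum value is treated as a single value.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


def extract_bits(frame: bytes, ref_byte: int, offset_bits: int,
                 length_bits: int) -> Optional[int]:
    """Read length_bits starting offset_bits after the reference point.

    ref_byte is the byte index of the reference point inside the frame.
    Returns None when the frame is too short to hold the whole field,
    so a truncated frame can never match a criterion.
    """
    start = ref_byte * 8 + offset_bits
    end = start + length_bits
    if length_bits <= 0 or start < 0 or end > len(frame) * 8:
        return None
    whole = int.from_bytes(frame, "big")
    return (whole >> (len(frame) * 8 - end)) & ((1 << length_bits) - 1)


@dataclass
class Criterion:
    name: str
    ref_byte: int        # reference point (byte index in the frame)
    offset_bits: int     # first bit of the pattern, relative to the reference
    length_bits: int     # total bit length of the pattern
    ranges: List[Tuple[int, Optional[int]]]  # (minimum, maximum or None)

    def __post_init__(self) -> None:
        if not self.ranges:
            raise ValueError("a criterion needs at least one target value")
        limit = 1 << self.length_bits
        normalized = []
        for lo, hi in self.ranges:
            hi = lo if hi is None else hi  # only a minimum: use it for both
            if not 0 <= lo <= hi < limit:
                raise ValueError(f"range {lo:#x}-{hi:#x} does not fit the field")
            normalized.append((lo, hi))
        self.ranges = normalized

    def matches(self, frame: bytes) -> bool:
        value = extract_bits(frame, self.ref_byte, self.offset_bits,
                             self.length_bits)
        return value is not None and any(lo <= value <= hi
                                         for lo, hi in self.ranges)


def eth_frame(dst: int, src: int, ethertype: int, payload: bytes = b"") -> bytes:
    """Build a constructed Ethernet frame for the demonstration."""
    return (dst.to_bytes(6, "big") + src.to_bytes(6, "big")
            + ethertype.to_bytes(2, "big") + payload)


MAC_REF = 0  # the reference point is the first byte of the destination address

# Source address sits 48 bits after the reference point and is 48 bits long.
MAC_SOURCE = Criterion("MAC Source Address", MAC_REF, 48, 48,
                       [(0x0000A2000001, 0x0000A2000003)])

# A field that is not byte aligned: the low 12 bits of the Length/Type field.
LOW_TYPE_BITS = Criterion("low 12 bits of Length/Type", MAC_REF, 100, 12,
                          [(0x800, None)])

# Constructed sample frames (not captured traffic).
FRAME_IN = eth_frame(0x0000A2FFFFFF, 0x0000A2000002, 0x0800, b"\x45\x00")
FRAME_OUT = eth_frame(0x0000A2FFFFFF, 0x0000A2000004, 0x0800, b"\x45\x00")

if __name__ == "__main__":
    for label, frame in (("in range", FRAME_IN), ("out of range", FRAME_OUT),
                         ("truncated", FRAME_IN[:10])):
        print(label, MAC_SOURCE.matches(frame), LOW_TYPE_BITS.matches(frame))
```

A frame cut off before the end of the field never matches, so a filter built this way does not act on bits it has not actually read.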
Actions
The filter action determines what happens to packets that match a filter criterion’s
ranges. You can apply the following actions to any traffic filter:
•Accept
The router processes any packet that matches the filter criteria and ranges.
•Drop
The router does not route any packet that matches the filter criteria and ranges.
•Log
For every packet that matches the filter criteria and ranges, the router sends an
entry to the system Events log. You can specify the Log action in combination
with other actions.
Note: Specify the Log action only to record abnormal events; otherwise, the
Events log will fill up with filtering messages, leaving no room for critical log
messages.
Table 1-3 lists additional protocol-specific actions for inbound traffic filters. See
Chapter 3 for more information.
Table 1-3. Inbound Traffic Filter Actions
Protocol: Inbound Traffic Filters
All protocols: Drop; Accept; Log
Transparent bridge: Flood; Forward to Circuit List
Native SRB: Direct IP Explorers; Forward to Circuits
DLSw: Forward to Peer
IP: Forward to Next Hop; Drop If Next Hop Is Unreachable; Forward to IP Address; Forward to Next Hop Interface; Forward to First Up Next Hop Interface; Detailed Logging
Table 1-4 lists the actions for outbound traffic filters. See Chapter 4 for more
Dial Service Actions
* Outbound traffic filters with a prioritizing action are sometimes called priority filters.
Except for the log actions, inbound and outbound traffic filter actions are mutually
exclusive; you can only apply one action to each filter.
Using Filter Templates
When you create traffic filters, it is important to understand the difference
between a traffic filter template and an actual traffic filter.
A traffic filter template is a reusable, predefined specification for a traffic filter.
Each template contains a complete filter specification (criterion, range, and
action) for one protocol, but is not associated with a specific interface or circuit.
You create an actual traffic filter when you use the Configuration Manager to
apply (save) a traffic filter template to a configured router interface. You can apply
a single template to as many interfaces as you want, thus creating multiple filters
for that protocol.
When you want to add a filter to an interface, you have several options:
•If there is a template that contains the exact filtering instructions you want for
this interface, apply that template to the interface.
•If there is a template that contains filtering instructions similar to what you
want, copy, rename, and edit the template. Then, apply the new template to the
appropriate interface.
•If there is no template containing filtering instructions similar to what you
want for this interface, you must create a template from scratch. Then, apply
the new template to the appropriate interface.
•If there is an existing filter on the interface that contains instructions similar to
what you want, edit the existing filter and save it.
Summary of Traffic Filter Support
Table 1-5 summarizes the inbound and outbound traffic filter criteria and actions
* Ethernet, 802.2 LLC, LLC with SNAP, and Novell encapsulations.
† Plus additional actions for transparent bridge, SRB, and IP filters (see Chapter 3).
‡ 802.2 LLC and LLC with SNAP encapsulations.
DECnet IV, DLSw, IP, IPX, LLC2, OSI, SRB, XNS, VINES
Transparent bridge, IP, SRB
Transparent bridge, Frame Relay, IP, PPP, SRB
Accept, Drop, Log †
None
Accept, Drop, Log
Accept, Drop, Log, High Queue, Low Queue, Length, No Call, No Reset
Chapter 2
Using Protocol Prioritization Queues
This chapter describes the priority queues that you can implement using outbound
traffic filters (protocol prioritization).
Topic
About Protocol Prioritization
Enabling Protocol Prioritization
Enabling Protocol Prioritization on an ATM Circuit
Tuning Protocol Prioritization
For instructions on using the Configuration Manager to create outbound traffic
filters, see Chapter 7.
About Protocol Prioritization
Site Manager supports protocol prioritization on synchronous (serial), HSSI,
MCE1, and MCT1 interfaces for the following WAN protocols:
•PPP
•Nortel Networks Standard PPP
•Frame Relay
Note:
The DLSw software also allows you to prioritize traffic within DLSw,
based on predefined or user-defined fields at the TCP level. For information
about these DLSw prioritization filters, see Configuring DLSw Services.
While the router is operating, network traffic from various sources converges at
each WAN interface. Without protocol prioritization, the router transmits packets
in a first in, first out (FIFO) order.
With Protocol Priority enabled on an interface, the router sorts traffic into
prioritized delivery queues (High, Normal, and Low), called priority queues. The
router uses a dequeuing algorithm to empty the priority queues to transmit traffic.
Generally, the router transmits higher-priority traffic first. Other configurable
values in the protocol prioritization scheme also affect the transmission of traffic.
Two of these values are the maximum size of the queue (queue depth) and the line
delay (latency), described in “Tuning Protocol Prioritization” on page 2-11.
Protocol prioritization is considered an outbound filter mechanism for these
reasons:
•You use outbound traffic filters to specify how traffic is prioritized.
•Priority queues affect the sequence in which data leaves an interface; they do
not affect traffic as it arrives at the router.
Outbound traffic filters include prioritizing actions for specifying priority queues.
See “Prioritizing Actions” on page 4-11.
The following sections describe how the router prioritizes traffic into queues, and
the options for dequeuing:
•Priority Queuing
•The Dequeuing Process
Priority Queuing
With protocol prioritization enabled on an interface, the router sends each packet
leaving an interface to one of three priority queues:
•High queue
•Normal queue
•Low queue
The router automatically queues packets that do not match a priority filter to the
Normal queue. To send traffic to the other queues, you create outbound traffic
filters that include a prioritizing action. These are called priority filters.
The Dequeuing Process
After queuing packets, the router empties the priority queues by sending the traffic
to the transmit queue using one of two dequeuing algorithms:
•Bandwidth Allocation Algorithm
•Strict Dequeuing Algorithm
By default, protocol prioritization uses the bandwidth allocation algorithm to send
traffic from the three priority queues to the transmit queue. You specify the active
dequeuing algorithm by setting the Prioritization Algorithm Type parameter, as
described in “Editing Protocol Prioritization Parameters” on page 2-15.
Figure 2-1 illustrates the dequeuing process, with default configuration values.
[Figure 2-1. Protocol Prioritization Dequeuing: the High queue (70% of bandwidth), Normal queue (20% of bandwidth), and Low queue (10% of bandwidth) feed the dequeuing algorithm (default algorithm = bandwidth allocation), which feeds the transmit queue (default latency = 250 ms) and then the physical interface.]
Bandwidth Allocation Algorithm
The bandwidth allocation algorithm uses a configurable percentage of bandwidth
for each of the three priority queues to determine how to transmit queued traffic.
The default configuration is as follows:
•High queue -- 70% of bandwidth
•Normal queue -- 20% of bandwidth
•Low queue -- 10% of bandwidth
When the amount of traffic transmitted from a particular queue reaches the
configured percentage, the next-higher-priority queue begins to transmit traffic.
The amount of actual data transmitted depends on the clock speed of the circuit.
You can configure the clock speed on a synchronous interface by setting the
External Clock Speed parameter in the Configuration Manager Edit Sync
Parameters window. (See Configuring WAN Line Services.)
The bandwidth allocation algorithm works as follows:
1. The transmit queue scans the High queue.
   If there is no traffic in the High queue, the algorithm proceeds to step 3.
2. The router empties all packets from the High queue, up to the configured
   bandwidth percentage, into the transmit queue and then transmits the packets.
   The default bandwidth percentage for the High queue is 70 percent. If the
   actual bandwidth use is less than the limit, the router empties the High queue
   and proceeds to the Normal queue.
3. The transmit queue scans the Normal queue.
   If there is no traffic in the Normal queue, the algorithm proceeds to step 5.
4. The router empties all packets from the Normal queue, up to the configured
   bandwidth percentage, into the transmit queue and then transmits the packets.
   The default bandwidth percentage for the Normal queue is 20 percent. If the
   actual bandwidth use is less than the limit, the router empties the Normal
   queue and proceeds to the Low queue.
5. The transmit queue scans the Low queue.
   If there is no traffic in the Low queue, the algorithm returns to step 1.
6. The router empties all packets from the Low queue, up to the configured
   bandwidth percentage, into the transmit queue and then transmits the packets.
   The default bandwidth percentage for the Low queue is 10 percent. If the
   actual bandwidth use is less than the limit, the router empties the Low queue.
7. The algorithm returns to step 1.
Figure 2-2 illustrates the bandwidth allocation algorithm.
[Figure 2-2. Bandwidth Allocation Algorithm: flowchart. For the High, Normal, and Low queues in turn: scan the queue; if there are packets in the queue, transmit all packets, up to the configured bandwidth percentage; otherwise scan the next queue.]
Strict Dequeuing Algorithm
Instead of the bandwidth allocation algorithm, you can configure the router to use
the strict dequeuing algorithm to send traffic to the transmit queue.
Caution:
If the router uses the strict dequeuing algorithm and there is a great
deal of High queue traffic on the network, Normal and Low queue traffic may
never be transmitted.
The strict dequeuing algorithm works as follows:
1. The transmit queue scans the High queue.
   If there is no traffic in the High queue, the algorithm proceeds to step 4.
2. The router empties all packets from the High queue into the transmit queue,
   up to the latency value or the maximum transmit queue size, and then
   transmits the packets.
   The transmit queue size is the maximum number of packets in the transmit
   queue at one time. You cannot configure this number using Site Manager.
3. If the latency value is reached, the transmit queue returns to step 1, scanning
   and emptying traffic from the High queue.
   If neither the latency value nor the maximum transmit queue size is reached,
   the algorithm proceeds to step 4.
4. The transmit queue scans the Normal queue.
   If there is no traffic in the Normal queue, the algorithm proceeds to step 7.
5. The router empties all packets from the Normal queue, up to the latency value,
   into the transmit queue and then transmits the packets.
6. If the latency value is reached, the transmit queue returns to step 1, scanning
   and emptying traffic from the High queue.
   If the latency value is not reached, the algorithm proceeds to step 7.
7. The transmit queue scans the Low queue.
   If there is no traffic in the Low queue, the algorithm returns to step 1.
8. The router empties all packets from the Low queue, up to the latency value,
   into the transmit queue and then transmits the packets.
9. The algorithm returns to step 1, whether or not the latency value is reached.
Figure 2-3 illustrates the strict dequeuing algorithm.
[Figure 2-3. Strict Dequeuing Algorithm: flowchart of the scan, transmit, and limit-check decisions (maximum transmit queue size for the High queue, latency value for all three queues) for the High, Normal, and Low queues.]
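The following Python model is an added example, not the router's implementation. It runs the same constructed load through both dequeuing algorithms so that the behaviour named in the Caution above, and the effect of the 70/20/10 defaults, can be compared. Assumptions: one pass moves at most latency × line speed bits for either algorithm, the latency budget is shared across the queues within a strict pass, the maximum transmit queue size is not modelled, and each queue holds 20 packets; all function and variable names are hypothetical.

```python
from collections import deque

QUEUES = ("high", "normal", "low")
DEFAULT_SHARES = {"high": 70, "normal": 20, "low": 10}


def latency_budget_bits(line_speed_bps, latency_ms=250):
    """Latency = Bits Queued / Line Speed, solved for Bits Queued."""
    return line_speed_bps * latency_ms // 1000


def _drain(queue, budget_bits):
    """Send whole packets until the budget is reached; return bits sent."""
    sent = 0
    while queue and sent < budget_bits:
        sent += queue.popleft()
    return sent


def bandwidth_pass(queues, budget_bits, shares):
    """Each queue may send up to its configured percentage of the pass."""
    if sum(shares.values()) != 100:
        raise ValueError("queue percentages must total 100")
    return {name: _drain(queues[name], budget_bits * shares[name] // 100)
            for name in QUEUES}


def strict_pass(queues, budget_bits):
    """High first; a lower queue is served only if the latency value
    was not reached by the queues above it."""
    sent = {name: 0 for name in QUEUES}
    remaining = budget_bits
    for name in QUEUES:
        sent[name] = _drain(queues[name], remaining)
        remaining -= sent[name]
        if remaining <= 0:      # latency value reached: back to step 1
            break
    return sent


def simulate(algorithm, arrivals, passes, line_speed_bps,
             latency_ms=250, queue_size=20, shares=DEFAULT_SHARES):
    """arrivals maps queue name -> list of packet sizes (bits) per pass."""
    budget = latency_budget_bits(line_speed_bps, latency_ms)
    queues = {name: deque() for name in QUEUES}
    stats = {name: {"sent_bits": 0, "clipped": 0, "high_water": 0}
             for name in QUEUES}
    for _ in range(passes):
        for name in QUEUES:
            for size in arrivals[name]:
                if len(queues[name]) >= queue_size:
                    stats[name]["clipped"] += 1     # full queue: packet clipped
                else:
                    queues[name].append(size)
            stats[name]["high_water"] = max(stats[name]["high_water"],
                                            len(queues[name]))
        if algorithm == "strict":
            sent = strict_pass(queues, budget)
        elif algorithm == "bandwidth":
            sent = bandwidth_pass(queues, budget, shares)
        else:
            raise ValueError("algorithm must be 'strict' or 'bandwidth'")
        for name in QUEUES:
            stats[name]["sent_bits"] += sent[name]
    return stats


# Constructed load on a 64 kb/s line: High traffic alone fills the line.
LOAD = {"high": [800] * 20, "normal": [800] * 4, "low": [800] * 2}

if __name__ == "__main__":
    for algorithm in ("bandwidth", "strict"):
        print(algorithm, simulate(algorithm, LOAD, passes=20,
                                  line_speed_bps=64000))
```

With this load the strict run sends only High traffic and clips Normal and Low packets once their queues fill, while the bandwidth allocation run keeps all three queues moving and clips the excess High traffic instead.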
Enabling Protocol Prioritization
You use the Configuration Manager to configure protocol prioritization. To
configure priority queues with default values, do the following:
1. Enable Protocol Priority on the circuit, as described in this section.
2. Apply outbound traffic filters with prioritizing actions to the circuit, as
   described in Chapter 7.
See “Tuning Protocol Prioritization” on page 2-11 to learn how to customize the
way protocol prioritization works on a circuit.
To enable protocol prioritization:
Site Manager Procedure
1. In the Configuration Manager window, click on the circuit interface connector on
   which you want to configure protocol prioritization.
   System responds: The Edit Connector window opens.
2. Click on Edit Circuit.
   System responds: The Circuit Definition window opens; the circuit you selected is highlighted.
3. Look for Protocol Priority in the Protocols scroll box.
   Site Manager automatically enables protocol prioritization for certain WAN protocols.
   System responds: If Protocol Priority appears in the Protocols scroll box, protocol
   prioritization is already enabled for this interface.
4. If Protocol Priority does not appear in the Protocols scroll box, choose Protocols >
   Add/Delete.
   System responds: The Select Protocols window opens.
5. Scroll down the list of protocols and select Protocol Priority.
6. Click on OK.
   System responds: The Circuit Definition window opens.
From the Circuit Definition window, you can do the following:
•Edit configuration parameters, as described in “Editing Protocol Prioritization
Parameters” on page 2-15.
•Configure an outbound traffic filter with a priority queue action, as described
in Chapter 7.
Enabling Protocol Prioritization on an ATM Circuit
You can now set the priorities for the traffic sent across a HSSI and ATM line
interface using protocol prioritization.
You must manually start protocol prioritization on both a HSSI line interface and
an ATM circuit. However, the steps required to enable protocol prioritization for
ATM differ from the steps for all other circuit types. For ATM, you can use
protocol prioritization for IP traffic travelling over an ATM PVC.
To enable protocol prioritization for an ATM circuit:
Site Manager Procedure
1. In the Configuration Manager window, click on the ATM1 connector on which you
   want to configure protocol prioritization.
   System responds: The Select Connection Type window opens.
2. Click on ATM.
   System responds: The Edit ATM Connector window opens.
3. Click on PVC Protocol Priority.
   System responds: The ATM PVC Protocol Priority window opens.
4. Click on Priority Interface.
   System responds: The ATM Priority Interface List window opens.
From the ATM Priority List window, you can edit configuration parameters, as
described in Configuring ATM Services.
Note:
You cannot change the percent of bandwidth for the priority queues
when configuring protocol prioritization over ATM.
For more information about protocol prioritization and how to configure an
outbound traffic filter with a priority queue action, see Chapter 7.
Tuning Protocol Prioritization
When you enable Protocol Priority on a circuit, the router uses default values that
help determine how priority filters work. These defaults are designed to work well
for most configurations. However, you can customize (or tune) protocol
prioritization to maximize its impact on your network.
This section covers the following topics:
•Tuning Concepts
•Editing Protocol Prioritization Parameters
•Monitoring Protocol Prioritization Statistics
Tuning Concepts
How you tune protocol prioritization depends on whether you are using the
bandwidth allocation algorithm or strict dequeuing algorithm. (See “The
Dequeuing Process” on page 2-3.)
To tune priority queuing with the bandwidth allocation algorithm, consider
adjusting the following configuration defaults:
•Percent of Bandwidth
•Queue Size
To tune priority queuing with the strict dequeuing algorithm, consider adjusting
the following configuration defaults:
•Queue Size
•Latency
Percent of Bandwidth
When using the bandwidth allocation algorithm, you can change the default
allocation of bandwidth for each of the three priority queues.
Queued traffic with large packets often requires more than the default bandwidth
allocation. For example, if statistics indicate that one interface requires more than
70 percent of bandwidth to properly transmit high-priority traffic, you can
increase the High Queue Size parameter and decrease the Normal or Low Queue
Size parameter.
Note: If statistics indicate that the High queue does not have enough buffers,
consider reducing the amount of high-priority traffic. You should be selective
in assigning high-priority status. Too many traffic types with high-priority
status can defeat the purpose of protocol prioritization. With the strict
dequeuing algorithm, too much high-priority traffic can result in discarding (or
clipping) normal- and low-priority traffic.
To configure the percent of bandwidth for the priority queues, you edit these
Configuration Manager parameters:
•High Queue Percent Bandwidth
•Normal Queue Percent Bandwidth
•Low Queue Percent Bandwidth
When changing bandwidth allocation, remember that the percent of bandwidth for
the High queue, Normal queue, and Low queue must total 100 percent.
Queue Size
Queue size (or queue depth) is the configurable number of packets that each
priority queue can hold. The default value for bandwidth allocation is 20 packets,
regardless of packet size.
Note: The buffer size for priority queues is not configurable when using the
strict dequeuing algorithm.
When you set the queue size, you assign buffers (which hold the packets) to each
queue. A queue is full when it exceeds the buffer size. The router discards (clips)
traffic sent to a full queue.
To configure queue size, you edit these Configuration Manager parameters:
•High Queue Size
•Normal Queue Size
•Low Queue Size
•High Water Packets Clear
Queue Size Example
Suppose that you use the default queue size (20 packets) for all three priority
queues. The statistics indicate that the High queue’s Clipped Packets Count is 226,
and its High-Water Packets Mark is 20. This indicates that the High queue has
been full at least once and that the router has discarded 226 packets.
From this information, you can conclude that you have not assigned enough
buffers to the High queue for the amount of high-priority traffic on this interface.
To prevent additional high-priority traffic from being discarded, you can
reconfigure the size of the queues or reevaluate the amount of traffic assigned to
the High queue.
Reconfiguring Queue Size
Suppose that you now look at the statistics of the Normal and Low queues and
find that the Low queue has a Clipped Packets Count of zero and a High-Water
Packets Mark of 06 (Figure 2-4). Therefore, you can conclude that there have
never been more than six packets in the Low queue, and the router has not
discarded any low-priority packets.
Figure 2-5. Reconfigured Priority Queue Statistics for the Queue Size Examples
To see whether this reallocation solves the problem, reset the Clipped Packets
Count and High-Water Packets Mark counters using the Statistics Manager and
check them again later.
Latency
Line delay, or latency, indicates how many bits of normal- or low-priority traffic
the router can allocate to the transmit queue at any one time. The latency value is
the greatest time delay that a high-priority packet can experience.
Latency is based on the line speed of the attached media. The following formula
illustrates how the line speed, bits queued, and latency value are related:
Latency = Bits Queued / Line Speed (b/s)
The default value for latency is 250 milliseconds (ms). This value generally
ensures good throughput and maintains rapid terminal response (rapid echoing of
keystrokes and timely response to commands) over most media.
You can change the default latency value by setting the Max High Queue Latency
parameter. Keep in mind, however, that if you specify a higher latency value (thus
allowing more room on the transmit queue), throughput increases, but terminal
response time decreases. Nortel Networks recommends using the default value of
250 ms.
Editing Protocol Prioritization Parameters
To edit protocol prioritization parameters:
Site Manager Procedure
1. In the Circuit Definition window, choose Protocols > Edit Protocol Priority > Interface.
   System responds: The Edit Protocol Priority Interface window opens.
2. Select the parameter you want to change.
   To see additional parameters, use the scroll bar on the right side of the window.
3. For a description of the parameter, click on Help in the Site Manager window, or
   refer to the appropriate parameter description in Appendix A:
   •Enable
   •High Queue Size
   •Normal Queue Size
   •Low Queue Size
   •Max High Queue Latency
   •High Water Packets Clear
   •Prioritization Algorithm Type
   •High Queue Percent Bandwidth
   •Normal Queue Percent Bandwidth
   •Low Queue Percent Bandwidth
   •Discard Eligible Bit Low
   •Discard Eligible Bit Normal
4. Click on Values.
   System responds: The Values Selection window opens, listing valid values for the parameter.
5. Select the value you want, then click on OK.
   System responds: The Values Selection window closes. The Edit Protocol Priority Interface
   window now displays the new value.
6. Click on OK when you are done setting protocol prioritization parameters.
   System responds: You return to the Circuit Definition window.
Monitoring Protocol Prioritization Statistics
To monitor and manage protocol prioritization, you use the Statistics Manager to
view statistics in the MIB object group
wfApplication.wfDatalink.wfProtocolPriorityGroup. For information about using
the Statistics Manager to view MIB objects and create custom screen reports, see
Configuring and Managing Routers with Site Manager.
To determine whether there are enough buffers in each priority queue for the
traffic flow on your network, use the Statistics Manager to examine the following
protocol prioritization statistics:
•High-Water Packets Mark
The greatest number of packets that have been in each queue.
•Clipped Packets Count
The number of packets that have been discarded from each queue. (The router
discards packets from priority queues that become full.)
Note:
To determine whether statistics reflect a transient event, you may want
to reset the statistics and check again later before changing the priority
queuing configuration. You can reset the High-Water Packets Mark using the
Configuration Manager Edit Protocol Priority Interface window. You can reset
both the Clipped Packets Count and High-Water Packets Mark using the
Statistics Manager.
Generally, if a queue’s Clipped Packets Count is high and the High-Water Packets
Mark is close to its queue size, that queue does not have enough buffers.
Chapter 3
Inbound Traffic Filter Criteria and Actions
You create inbound traffic filters using templates that consist of protocol-specific
filter criteria, ranges, and actions. To define an inbound traffic filter template, you
need to know the specific criteria and actions that Site Manager supports for the
applicable protocol.
This chapter lists the following for supported bridging and routing protocols:
•Predefined inbound traffic filter criteria and actions
•Reference points for specifying user-defined criteria
Topic
Transparent Bridge Criteria and Actions
Source Route Bridging Criteria and Actions
DECnet Phase IV Criteria and Actions
DLSw Criteria and Actions
IP Criteria and Actions
IPX Criteria and Actions
LLC2 Criteria and Actions
OSI Criteria and Actions
VINES Criteria and Actions
XNS Criteria and Actions
For an overview of traffic filters, templates, and their criteria, ranges, and actions,
see Chapter 1. For instructions on using Site Manager to create inbound traffic
filters, see Chapter 6.
Transparent Bridge Criteria and Actions
Transparent bridge traffic filters support several encapsulation methods and media
types. You filter inbound transparent bridge frames based on the contents of the
header fields for one of the four supported encapsulation methods:
•Ethernet
•IEEE 802.2 LLC
•IEEE 802.2 LLC with SNAP
•Novell Proprietary
Figure 3-1 illustrates the header reference fields for each encapsulation method.
Ethernet Header: MAC Destination, MAC Source, Length/Type
   48-bit MAC destination address
   48-bit MAC source address
   16-bit length/type is TYPE (>1518)
IEEE 802.2 LLC Header: MAC Destination, MAC Source, Length/Type, DSAP, SSAP, Control
   48-bit MAC destination address
   48-bit MAC source address
   16-bit length/type is LENGTH (<1519)
   8-bit DSAP
   8-bit SSAP
   8-bit Control
IEEE 802.2 LLC with SNAP Encapsulation: MAC Destination, MAC Source, Length/Type, DSAP, SSAP, Control, Org. Code, Ethernet Type
   48-bit MAC destination address
   48-bit MAC source address
   16-bit length/type is LENGTH (<1519)
   DSAP/SSAP/Control is 0xAAAA03
   24-bit Organization Code
   16-bit Ethernet Type
Novell Proprietary Encapsulation: MAC Destination, MAC Source, Length/Type, FF FF
   48-bit MAC destination address
   48-bit MAC source address
   16-bit length/type is LENGTH (<1519)
   Next 16 bits are all ones (part of IPX header)
Figure 3-1. Header Reference Fields for Transparent Bridge Encapsulation Methods
Table 3-1 indicates which encapsulation methods are supported for specific router
interfaces.
Table 3-1. Transparent Bridge Encapsulation Support
                          Encapsulation Method
Router Interface          Ethernet   802.2 LLC   LLC with SNAP   Novell
Ethernet/802.3 (XCVR)     Yes        Yes         Yes             Yes
FDDI (FDDI)               No         Yes         Yes             No
Token ring (TOKEN)        No         Yes         Yes             No
Synchronous (COM)         Yes        Yes         Yes             Yes
Predefined Transparent Bridge Criteria
Each transparent bridge encapsulation method has specific, predefined criteria for
filtering frames. These predefined criteria are based on an offset to a header
reference field (Figure 3-1) and are a specified length. Table 3-2 lists the
predefined criteria for each encapsulation method, and the reference field, offset,
and length for each criterion.
Table 3-2. Predefined Criteria for Transparent Bridge Inbound Traffic
Criterion                         Reference Field   Offset (bits)   Length (bits)
Length                            MAC               96              16
Organization Code (Protocol ID)   DATA_LINK         24              24
Ethernet Type                     DATA_LINK         48              16
                                  MAC               96              16
User-Defined Transparent Bridge Criteria
You can create bridge traffic filters with user-defined criteria by specifying an
offset and length to these supported reference fields:
Reference Field   Description
MAC               Points to the first byte of the MAC Destination Address
DATA_LINK         Points to the first byte of the DATA_LINK reference field
Transparent Bridge Actions
In addition to the Accept, Drop, and Log actions that are common to all inbound
traffic filters, there are two transparent bridge actions:
•Flood
Specifies that any frame that matches the filter will be forwarded to all
transparent bridge circuits, except for the circuit from which it was received
•Forward to Circuit List
Specifies that any frame that matches the filter will be forwarded to the
specified circuits
Note: The circuit names that you specify for the Forward to Circuits action are
case-sensitive. For example, if the circuit name is E21, but you type e21, the
filter will not be saved.
You can specify the Log action with any of the other actions. However, you should
specify the Log action only to record abnormal events; otherwise, the Events log
will fill up with filtering messages, leaving no room for critical log messages.
Source Route Bridging Criteria and Actions
You filter inbound source route bridging (SRB) traffic based on specified bit
patterns in the native SRB frame header. IP-encapsulated SRB traffic filters are
not supported.
SRB filters affect both explorer and routed frames. However, filters that include
Next Ring as a criterion affect only routed frames because the Next Ring reference
field does not appear in explorer frames. See Configuring Bridging Services for
information about explorer and routed frames.
Note:
The router applies SRB filters after it processes a packet. The router
receives the packet on the incoming interface and updates the routing
information field (RIF). The filters that you configure then act on the updated
RIF.
Predefined SRB Criteria
Table 3-3 lists the predefined criteria for SRB inbound traffic filters, and the
reference field, offset, and length for each SRB criterion.
Table 3-3. Predefined Criteria for SRB Inbound Traffic Filters
Criterion Name             Reference Field   Offset   Length
Next Ring                  NEXT_RING         0        12
Destination MAC Address    HEADER_START      0        48
Source MAC Address         HEADER_START      48       48
DSAP                       DATA_LINK         0        8
SSAP                       DATA_LINK         8        8
Destination NetBIOS Name   DATA_LINK         120      120
Source NetBIOS Name        DATA_LINK         248      120
Specifying an SRB Criterion Range
If you create an SRB filter that includes a Source or Destination NetBIOS Name
criterion, you type the NetBIOS name as the ASCII equivalent of the first 15
characters of the name. If the name has fewer than 15 characters, use ASCII
spaces (0x20) to ensure that the name has exactly 15 characters.
See Chapter 5 for information about specifying SAP and MAC address criteria.
User-Defined SRB Criteria
In addition to the predefined filter criteria, you can create SRB inbound traffic
filters with user-defined criteria by specifying an offset and length to these
reference fields in the SRB header:
Reference Field   Description
NEXT_RING         Points to the first byte of the NEXT_RING reference field
HEADER_START      Points to the first byte of the Destination MAC Address
DATA_LINK         Points to the first byte of the DATA_LINK reference field
SRB Actions
In addition to the Accept, Drop, and Log actions common to all inbound traffic
filters, there are two SRB actions:
•Direct IP Explorers
Specifies that any explorer frame that matches the filter will be sent to some
number of IP addresses. You must specify these IP addresses.
For this action to work, IP encapsulation must be configured on the filter’s
interface. If IP encapsulation is not configured and a frame matches the filter,
the frame will be flooded as if no filter exists.
•Forward to Circuits
Specifies that any frame that matches the filter will be forwarded to some
number of circuits on the same router. You must specify these circuits.
Note:
The circuit names that you specify for the Forward to Circuits action are
case-sensitive. For example, if the circuit name is E21, but you type e21, the
filter will not be saved.
You can specify the Log action with any of the other actions. However, you should
specify the Log action only to record abnormal events; otherwise, the Events log
will fill up with filtering messages, leaving no room for critical log messages.
DECnet Phase IV Criteria and Actions
You can filter inbound DECnet Phase IV traffic based on specified bit patterns in
the DECnet header.
Predefined DECnet Criteria
Table 3-4 lists the predefined criteria for DECnet Phase IV inbound traffic filters,
and the reference field, offset, and length for each criterion.
Table 3-4. Predefined Criteria for DECnet Phase IV Inbound Traffic Filters
Criterion Name     Reference Field   Offset   Length
Destination Area   DEC4_BASE         0        6
Destination Node   DEC4_BASE         6        10
Source Area        DEC4_BASE         16       6
Source Node        DEC4_BASE         22       10
User-Defined DECnet Criteria
In addition to the predefined DECnet Phase IV filter criteria, you can create traffic
filters with user-defined criteria by specifying an offset and length to this
reference field in the DECnet header:
Reference Field   Description
DEC4_BASE         Points to the first byte in the header
DECnet Actions
The DECnet Phase IV filtering actions are Accept, Drop, and Log.
DLSw Criteria and Actions
You can filter inbound DLSw traffic based on specified bit patterns in the DLSw
header, as defined in RFC 1434.
Predefined DLSw Criteria
Table 3-5 lists the predefined criteria for DLSw inbound traffic filters, and the
reference field, offset, and length for each criterion.
Table 3-5. Predefined Criteria for DLSw Inbound Traffic Filters
Criterion Name            Reference Field   Offset   Length
Destination MAC Address   DLS_BASE          192      48
Source MAC Address        DLS_BASE          240      48
DSAP                      DLS_BASE          296      8
SSAP                      DLS_BASE          288      8
User-Defined DLSw Criteria
In addition to the predefined DLSw filter criteria, you can create inbound traffic
filters with user-defined criteria by specifying an offset and length to these
reference fields in the DLSw header:
Reference Field   Description
DLS_CTRL_START    Points to the start of the DLSw header
DLS_DATA_START    Points to the start of the DLSw data
DLSw Actions
The DLSw filtering actions are as follows:
•Drop, Log -- Common to all inbound traffic filters
•Forward to Peer -- Any frame that matches the filter will be sent to the
specified DLSw circuits
IP Criteria and Actions
You can filter IP inbound traffic based on specified bit patterns in one of the
following headers in an IP datagram:
•The IP header
•The header of the upper-level protocol (TCP or UDP, for example)
Predefined IP Criteria
Table 3-6 lists the predefined criteria for IP inbound traffic filters, and the
reference field, offset, and length for each criterion.
Table 3-6. Predefined Criteria for IP Inbound Traffic Filters
Criterion Name                Reference Field   Offset   Length
Type of Service               HEADER_START      8        8
Protocol ID                   HEADER_START      72       8
IP Source Address             HEADER_START      96       32
IP Destination Address        HEADER_START      128      32
UDP or TCP Source Port        HEADER_END        0        16
UDP or TCP Destination Port   HEADER_END        16       16
Established TCP*              HEADER_END        107      3
* Allows filtering on the ACK and RESET bits in the TCP header. You do not specify a range for this
criterion.
User-Defined IP Criteria
In addition to the predefined filter criteria, you can create IP inbound traffic filters
with user-defined criteria by specifying an offset and length to these reference
fields in the IP header (Table 3-7).
Table 3-7. User-Defined Criteria for IP Inbound Traffic Filters
Reference Field   Description
HEADER_START      Points to the first byte of the Type of Service (ToS)
HEADER_END        Points to the last byte of the IP Destination Address
When specifying the user-defined criterion length, use 8 bits whenever possible.
IP inbound traffic filter criteria with a length of 1 bit work only when aligned on a
byte (word) boundary. Lengths from 2 through 7 bits do not work.
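The offset and length arithmetic behind Table 3-6, as an added Python example that is not part of the manual: it pulls each predefined field out of a constructed IPv4/TCP packet so a filter definition can be checked against a capture before it is applied. It assumes HEADER_START is byte 0 of the IP header and HEADER_END is the first byte after it (the reading under which the table's offsets land on the named fields); the function names and the sample packet are hypothetical, and treating ACK or RST as "established" is the usual convention rather than something the page spells out.

```python
import struct

# (reference field, offset in bits, length in bits), copied from Table 3-6.
CRITERIA = {
    "Type of Service":        ("HEADER_START", 8, 8),
    "Protocol ID":            ("HEADER_START", 72, 8),
    "IP Source Address":      ("HEADER_START", 96, 32),
    "IP Destination Address": ("HEADER_START", 128, 32),
    "Source Port":            ("HEADER_END", 0, 16),
    "Destination Port":       ("HEADER_END", 16, 16),
    "Established TCP":        ("HEADER_END", 107, 3),
}


def reference_points(packet: bytes) -> dict:
    """Byte positions of the two reference fields (assumed meaning, see lead-in)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4  # IP header length in bytes, options included
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad IP header length")
    return {"HEADER_START": 0, "HEADER_END": header_len}


def extract(packet: bytes, criterion: str) -> int:
    """Return the bits selected by a criterion's reference field, offset and length."""
    ref, offset, length = CRITERIA[criterion]
    start_bit = reference_points(packet)[ref] * 8 + offset
    end_bit = start_bit + length
    if end_bit > len(packet) * 8:
        raise ValueError("criterion reaches past the end of the packet")
    shift = len(packet) * 8 - end_bit
    return (int.from_bytes(packet, "big") >> shift) & ((1 << length) - 1)


def matches(packet: bytes, criterion: str, low: int, high: int) -> bool:
    """True when the extracted value falls inside the inclusive range low..high."""
    return low <= extract(packet, criterion) <= high


def is_established(packet: bytes) -> bool:
    """Offset 107, length 3 from HEADER_END covers the TCP flags ACK, PSH, RST."""
    if extract(packet, "Protocol ID") != 6:  # only meaningful for TCP
        return False
    return bool(extract(packet, "Established TCP") & 0b101)  # ACK or RST set


def build_packet(src, dst, sport, dport, tcp_flags, options=b""):
    """Constructed sample: IPv4 header (optional options) followed by a TCP header."""
    if len(options) % 4:
        raise ValueError("IP options must be padded to a multiple of 4 bytes")
    header_words = 5 + len(options) // 4
    ip = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | header_words, 0x10, header_words * 4 + 20, 0, 0, 64, 6, 0,
        bytes(int(p) for p in src.split(".")),
        bytes(int(p) for p in dst.split(".")),
    ) + options
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, tcp_flags, 8192, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    syn = build_packet("192.0.2.10", "198.51.100.7", 40000, 23, 0x02)
    for name in CRITERIA:
        print(f"{name:24} 0x{extract(syn, name):X}")
    print("established:", is_established(syn))
```

Because HEADER_END moves when the IP header carries options, the port and TCP flag offsets stay correct only if they are measured from that reference field and not from a fixed byte count.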
IP Actions
In addition to the Accept, Drop, and Log actions common to all inbound traffic
filters, there are the following IP actions:
•Forward to Next Hop
Specifies that any frame that matches the filter will be forwarded to the
next-hop router. You must specify the IP address of the next-hop router. If the
next-hop router is not reachable, any packets matching the filter will be
forwarded normally unless you also specify Drop If Next Hop Is Unreachable.
If you specify 255.255.255.255 as the next hop, any frame that matches this
filter will be forwarded normally.
•Drop If Next Hop Is Unreachable
This action is valid only when Forward to Next Hop is in use. It specifies that
if the next-hop address specified is unreachable, the frame is dropped.
•Forward to IP Address
Specifies that any frame that matches the filter will be forwarded to a single
address in a list of specified IP addresses. The destination address of the
original packet changes to the specified IP address.
•Forward to Next Hop Interfaces
Specifies that any frame that matches the filter will be duplicated and
forwarded to a group of next-hop IP addresses that you specify. If none of the
next-hop interfaces is active, the router forwards packets that match the filter
to the packet destination address (unless you also specify Drop If Next Hop Is
Unreachable).
•Forward to First Up Next Hop Interface
Specifies that any frame that matches the filter will be forwarded to a
specified next-hop router or to a network connected to the router. If the
specified hop is not reachable, the filter tries all addresses on the next-hop
interfaces list using ARP messages. If none of the next-hop interfaces is
reachable, the router forwards packets that match the filter to the packet
destination address (unless you also specify Drop If Next Hop Is
Unreachable).
•Detailed Logging
For every packet that matches the filter criteria and ranges, the filter adds an
entry containing IP header information to the system Events log.
IPX Criteria and Actions
You filter inbound IPX traffic based on specified bit patterns in the IPX header.
Predefined IPX Criteria
Table 3-8 lists the predefined criteria for IPX inbound traffic filters, and the
reference field, offset, and length for each criterion.
Table 3-8. Predefined Criteria for IPX Inbound Traffic Filters
User-Defined IPX Criteria
In addition to the predefined filter criteria, you can create traffic filters with
user-defined criteria by specifying an offset and length to this reference field in the
IPX header:
Reference Field   Description
IPX_BASE          Points to the first byte in the IPX header
IPX Actions
The IPX filtering actions are Accept, Drop, and Log.
LLC2 Criteria and Actions
You can filter inbound LLC2 traffic based on specified bit patterns in the LLC2
header.
Adding an IBM protocol to a circuit automatically adds LLC2. LLC2 traffic filters
apply to LLC2 routed over Frame Relay (also known as native SNA over Frame
Relay) and to any protocol running over LLC2, including Advanced Peer-to-Peer
Networking (APPN) and LAN Network Manager (LNM).
Predefined LLC2 Criteria
Table 3-9 lists the predefined criteria for LLC2 inbound traffic filters, and the
reference field, offset, and length for each criterion.
Table 3-9. Predefined Criteria for LLC2 Inbound Traffic Filters
Criterion Name            Reference Field    Offset   Length
Destination MAC Address   LLC2_DEST_MAC      0        48
Source MAC Address        LLC2_SOURCE_MAC    48       48
DSAP                      LLC2_DSAP          0        8
SSAP                      LLC2_SSAP          8        8
User-Defined LLC2 Criteria
In addition to the predefined LLC2 criteria, you can create traffic filters with
user-defined criteria by specifying an offset and length to these reference fields in
the LLC2 header:
Reference Field   Description
LLC2_DEST_MAC     Points to the first byte of the Destination MAC Address
LLC2_DSAP         Points to the first byte of the Destination SAP (DSAP)
LLC2 Actions
The LLC2 filtering actions are Accept, Drop, and Log.
OSI Criteria and Actions
You can configure OSI inbound traffic filters based on specified bit patterns in the
Connectionless Network Protocol (CLNP) header.
Predefined OSI Criteria
Table 3-10 lists the predefined criteria for OSI inbound traffic filters, and the
reference field, offset, and length for each criterion.
Table 3-10. Predefined Criteria for OSI Inbound Traffic Filters
Criterion Name          Reference Field   Offset   Length
Destination Area        OSI_DEST          0        16
Destination System ID   OSI_DEST          16       48
Source Area             OSI_SRC           0        16
Source System ID        OSI_SRC           16       48
User-Defined OSI Criteria
In addition to the predefined OSI filter criteria, you can create traffic filters with
user-defined criteria by specifying an offset and length to these reference fields in
the CLNP header:
Reference Field   Description
OSI_BASE          Points to the first byte of the CLNP header
OSI_DEST          Points to the last two bytes of the OSI_DEST reference field
OSI_SRC           Points to the last two bytes of the OSI_SRC reference field
OSI Actions
The OSI filtering actions are Accept, Drop, and Log.
VINES Criteria and Actions
You can filter inbound VINES traffic based on specified bit patterns in the VINES
header.
Predefined VINES Criteria
Table 3-11 lists the predefined criteria for VINES inbound traffic filters, and the
reference field, offset, and length for each criterion.
Table 3-11. Predefined Criteria for VINES Inbound Traffic Filters
In addition to the predefined VINES filter criteria, you can create traffic filters
with user-defined criteria by specifying an offset and length to this reference field
in the VINES header:
Reference Field   Description
VINES_BASE        Points to the first byte in the VINES header
VINES Actions
The VINES filtering actions are Accept, Drop, and Log.
XNS Criteria and Actions
You can filter inbound XNS traffic based on specified bit patterns in the XNS
header.
Predefined XNS Criteria
Table 3-12 lists the predefined criteria for XNS inbound traffic filters, and the
reference field, offset, and length for each criterion.
Table 3-12. Predefined Criteria for XNS Inbound Traffic Filters
User-Defined XNS Criteria
In addition to the predefined filter criteria, you can create traffic filters with
user-defined criteria by specifying an offset and length to this reference field in the
XNS header:
Reference Field   Description
XNS_BASE          Points to the first byte in the XNS header
XNS Actions
The XNS filtering actions are Accept, Drop, and Log.
Chapter 4
Outbound Traffic Filter Criteria and Actions
You create outbound traffic filters using templates that consist of criteria, ranges,
and actions. To define a template, you need to know the specific criteria and
actions that Site Manager supports for outbound traffic filters.
This chapter lists the following:
•Predefined outbound traffic filter criteria and actions
For an overview of traffic filters, templates, and their criteria, ranges, and actions,
see Chapter 1. For instructions on using Site Manager to create outbound traffic
filters, see Chapter 7.
Note:
For information about DLSw outbound traffic filters, see Configuring
DLSw Services.
Selecting Predefined Criteria
Outbound traffic filter criteria are based on the data link header or IP header.
•For bridged traffic, you use predefined criteria based on the data link header.
•For IP-routed traffic, you use predefined criteria based on the IP header.
•For most WAN and LAN routing protocols, you can use predefined criteria
based on either the data link header or the IP header.
•For NetBIOS, SNA, and other DLSw-encapsulated traffic, you use predefined
outbound traffic filter criteria based on the DLSw protocol header. For
information about DLSw outbound traffic filters, see Configuring DLSw Services.
This section covers the following topics:
•Predefined Data Link Criteria
•Predefined IP Criteria
•Specifying Criteria Common to IP and Data Link Headers
Predefined Data Link Criteria
You can configure outbound traffic filters based on the predefined data link
criteria listed in Table 4-1.
Table 4-1. Predefined Data Link Criteria for Outbound Traffic Filters
Packet Component                     Predefined Criteria
Data link header (Data Link Type)    MAC Source Address
                                     MAC Destination Address
                                     Ethernet Type
                                     Novell
                                     802.2 Length
                                     802.2 DSAP
                                     802.2 SSAP
                                     802.2 Control
                                     802.2 SNAP Length
                                     802.2 SNAP Protocol ID
                                     802.2 SNAP Ethernet Type (Ethertype)
SRB                                  DSAP
                                     SSAP
PPP                                  Protocol ID
Frame Relay                          2-byte DLCI
                                     3-byte DLCI
                                     4-byte DLCI
                                     NLPID
                                     Ethernet Type (Ethertype)
Figure 4-1 shows the Configuration Manager menu path for specifying these
criteria. See Chapter 7 for detailed instructions on creating outbound filters.
Figure 4-1. Predefined Data Link Criteria for Outbound Traffic Filters
Predefined IP Criteria
You configure outbound traffic filters for routing protocols based on the
predefined criteria listed in Table 4-2.
Table 4-2. Predefined IP Criteria for Outbound Traffic Filters
Packet Type or Component   Predefined Criteria
IP header                  Type of Service
                           IP Source Address
                           IP Destination Address
                           Both Source Address and Destination Address
                           UDP Source Port
                           UDP Destination Port
                           TCP Source Port
                           TCP Destination Port
                           TCP or UDP Source Port
                           TCP or UDP Destination Port
                           Established TCP Port
                           Protocol
SRB                        MAC Destination Address
                           MAC Source Address
                           SSAP
                           DSAP
PPP                        Protocol ID
Frame Relay                2-byte DLCI
                           3-byte DLCI
                           4-byte DLCI
                           NLPID
You can assign as many as 31 outbound traffic filters with IP criteria to an
interface. Figure 4-2 shows the Configuration Manager menu path for specifying
these criteria. See Chapter 7 for detailed instructions on using Configuration
Manager to create outbound traffic filters.
Figure 4-2. Predefined IP Criteria for Outbound Traffic Filters
Specifying Criteria Common to IP and Data Link Headers
Several predefined outbound traffic filter criteria are common to both the IP and
data link headers, such as the PPP Protocol ID, SRB SSAP/DSAP, and Frame
Relay DLCI and NLPID criteria.
To configure outbound traffic filters for IP-routed packets, always select IP instead
of Datalink when choosing the criterion. If you create a filter using a data link
criterion to identify an IP-routed packet (for example, using the Ethertype range of
0x0800 or the Protocol ID of 0x0021), the filter does not work because the router
code recognizes the IP-routed packet and expects IP filter rules.
To configure criteria for both IP and data link reference points, you create two
filters: one with the IP criterion and the other with the Datalink criterion. For
example, if you want to prioritize Frame Relay traffic with data link connection
identifier (DLCI) 400 in the High queue, create filters for both the IP and Datalink
DLCI criterion, using a range value of 400.
Selecting User-Defined Criteria
To create a filter with a user-defined criterion, you specify the offset and length to
a supported reference point in the data link or IP packet header. This section
describes the following reference points for specifying user-defined outbound
traffic filter criteria:
•Data Link Reference Points
•IP Reference Points
Data Link Reference Points
Table 4-3 defines the reference points in the data link header from which you can
build user-defined criteria.
Table 4-3. Data Link Reference Points
Reference Point     Definition
MAC                 Points to the high-order byte of the destination address
DATA_LINK           Points to the first byte following the length/type criteria
DL_HEADER_START     Points to the beginning of the header (beginning of the packet) for PPP and Frame Relay packets
DL_HEADER_END       Points to the first byte following the DLCI in a Frame Relay packet, and the first byte following the protocol ID in a PPP packet
DL_FR_MPE           Points to the NLPID (Frame Relay packets only)
DL_SR_START         Points to the beginning of the SRB packet, which is the high-order byte of the destination address
DL_SR_DATA_LINK     Points to the first byte following the RIF
Figures 4-3 and 4-4 show examples of where these reference points are located in
a packet.
Figure 4-3. Data Link Reference Points in an SRB Packet Bridged over Bay Networks Proprietary Frame Relay
Figure 4-4. Data Link Reference Points in an IEEE 802.2 LLC Header
IP Reference Points
Table 4-4 defines the reference points in the IP header from which you can build
user-defined criteria. Figure 4-5 shows an example of where those reference
points are located in a packet.
Table 4-4. IP Reference Points
Reference Point        Definition
HEADER_START           Points to the first byte in the IP header
HEADER_END             Points to the first byte following the IP header
IP_WAN_HEADER_START    Points to the beginning of the header (beginning of the packet) for PPP and Frame Relay packets
IP_WAN_HEADER_END      Points to the first byte following the DLCI in a Frame Relay packet, and the first byte following the protocol ID in a PPP packet
IP_SR_START            Points to the beginning of the SRB packet, which is the high-order byte of the destination address
IP_SR_DATA_LINK        Points to the first byte following the RIF
Figure 4-5. IP Reference Points in an IP-Encapsulated SRB Packet Bridged over PPP
Selecting Actions
For outbound traffic filters, you can specify different types of actions:
•Filtering Actions
•Prioritizing Actions
•Dial Service Actions
Filtering Actions
You can apply the following actions to an outbound traffic filter:
•Accept
The router processes any packet that matches the filter criteria and ranges.
•Drop
The router does not route any packet that matches the filter criteria and ranges.
•Log
For every packet that matches the filter criteria and ranges, the router sends an
entry to the system Events log. You can specify the Log action in combination
with other actions.
•Detailed Log
For every packet that matches the filter criteria and ranges, the router adds a
more-detailed entry to the system Events log, containing IP header
information.
Note:
Specify the Log actions to record abnormal events only; otherwise, the
Events log will fill up with filtering messages, leaving no room for critical log
messages.
Prioritizing Actions
You can apply the following actions to outbound traffic filters for WAN protocols:
•High
Directs packets that match the filter criteria and ranges to the High queue
•Low
Directs packets that match the filter criteria and ranges to the Low queue
•Length
Uses the length of packets to determine the priority queue
Outbound traffic filters with a prioritizing action are called priority filters.
Note:
You can apply prioritizing actions only to MCE1, MCT1, and
synchronous interfaces. The Configuration Manager does not support priority
filters on the LAN interfaces.
See Chapter 2 for detailed information about protocol prioritization.
Dial Service Actions
You can apply the following actions to outbound traffic filters for interfaces
configured as dial-up lines:
•No Call
Packets that match the filter criteria and ranges are dropped and do not initiate
a dial connection. (By default, packets transmitted on dial-on-demand lines
always trigger the router to establish a connection.)
•No Reset
Packets that match the filter criteria and ranges are processed but do not reset
the inactivity timer.
Note:
Although No Call and No Reset are available when creating any
outbound traffic filter, these actions are useful only on dial-up interfaces such
as synchronous modem lines or MCT1 interfaces configured with ISDN PRI.
You can use the dial service actions to configure outbound traffic filters that
specify or reduce the type of traffic that initiates dial connections.
For example, you can use dial service actions to configure a dial-on-demand
interface to exchange IP RIP and IPX RIP/SAP routing updates only when the
router initiates connections for data transmission. This reduction in update-only
traffic, called dial optimized routing, prevents unnecessary connections and
reduces line costs.
See Configuring Dial Services for information about dial services such as
dial-on-demand and dial optimized routing.
Chapter 5
Specifying Common Criterion Ranges
For every inbound or outbound traffic filter criterion, you must specify a valid
range -- a series of target values appropriate for the criterion. For many criteria,
you specify an address range.
This chapter explains how to specify common address ranges and lists valid
ranges.
Topic
Specifying MAC Address Ranges
Specifying VINES Address Ranges
Specifying Source and Destination SAP Code Ranges
Specifying Frame Relay NLPID Ranges
Specifying PPP Protocol ID Ranges
Specifying TCP and UDP Port Ranges
Specifying Ethernet Type Ranges
Specifying IP Protocol ID and Type of Service Ranges
Specifying MAC Address Ranges
When you create a traffic filter that includes a Source or Destination MAC
Address criterion, you specify the MAC address range in either canonical format
or most significant bit (MSB) format. Table 5-1 lists the MAC address formats.
Table 5-1. Format for Specifying MAC Addresses
Address Type                          Address Format
PPP                                   MSB
Bay Networks Standard Frame Relay     Canonical
Bay Networks Proprietary PPP          Canonical
Token ring                            MSB*
Ethernet                              Canonical
* For example, to drop the address 0x123456789ABC, specify the filter range in bit-swapped
format: 0x482C6A1E593D.
The following sections provide information about specifying SRB source MAC
addresses and functional MAC addresses.
SRB Source MAC Addresses
Consider the following when specifying source MAC addresses for SRB traffic
filters:
•Set the MSB to 1 by adding the First Bit Set MAC Address
(0x800000000000) to the source MAC address.
For example, to filter token ring packets with the source MAC address of
0x400037450440, first add 0x800000000000. Then, specify the result,
0xC00037450440, as the criteria range.
•If you use a sniffer to analyze packets for their source MAC address, keep in
mind that the routing information indicator (RII) is set to 1 if the routing
information field (RIF) is present, and is set to 0 if there is no RIF.
Bit 0 (the 0x80 bit) of byte 0 (the leftmost byte) is the RII bit, which indicates
the presence of the RIF bit. For example, a sniffer decodes LAA with the first
byte of 40 as 0x400031740001. If the RIF bit is set, the hexadecimal value of
the packet is 0xC00031740001.
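The range conversions described in this section and in the earlier SRB NetBIOS name note (bit-swapped MAC addresses, the RII bit on SRB source addresses, 15-character space-padded NetBIOS names), as an added Python example that is not part of the manual. The function names are hypothetical, and FILESRV1 is a constructed sample name.

```python
FIRST_BIT_SET = 0x800000000000  # "First Bit Set MAC Address" from the page


def mac_to_int(mac) -> int:
    """Accept an int, '0x123456789ABC', or '12:34:56:78:9a:bc' style text."""
    if isinstance(mac, int):
        value = mac
    else:
        text = mac.strip().lower()
        if text.startswith("0x"):
            text = text[2:]
        for separator in ":-.":
            text = text.replace(separator, "")
        if len(text) != 12:
            raise ValueError("a MAC address has 12 hex digits")
        value = int(text, 16)
    if not 0 <= value < 1 << 48:
        raise ValueError("MAC address out of range")
    return value


def bit_swap_mac(mac) -> int:
    """Reverse the bit order inside each byte (canonical <-> MSB format)."""
    raw = mac_to_int(mac).to_bytes(6, "big")
    swapped = bytes(int(f"{byte:08b}"[::-1], 2) for byte in raw)
    return int.from_bytes(swapped, "big")


def srb_source_range(mac) -> int:
    """SRB source MAC criterion value with the RII bit (0x80 of byte 0) set.

    OR gives the same result as the addition the page describes when the bit
    is clear, and leaves an address that already has it set unchanged.
    """
    return mac_to_int(mac) | FIRST_BIT_SET


def is_functional(msb_mac) -> bool:
    """Apply the three functional-address rules to an MSB-format address."""
    raw = mac_to_int(msb_mac).to_bytes(6, "big")
    return raw[0] == 0xC0 and raw[1] == 0x00 and (raw[2] >> 4) <= 0x7


def netbios_range(name: str) -> str:
    """Hex of the first 15 characters, right-padded with 0x20 to 15 bytes."""
    if not name:
        raise ValueError("empty NetBIOS name")
    raw = name.encode("ascii")[:15].ljust(15, b" ")
    return raw.hex().upper()  # 30 hex digits = the 120-bit criterion length


def as_range(value: int) -> str:
    """Format a 48-bit value the way the page writes range values."""
    return f"0x{value:012X}"


if __name__ == "__main__":
    print(as_range(bit_swap_mac(0x123456789ABC)))      # token ring range value
    print(as_range(srb_source_range(0x400037450440)))  # SRB source MAC with RII
    print("0x" + netbios_range("FILESRV1"))            # constructed sample name
```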
SRB Functional MAC Addresses
Functional MAC addresses are destination MAC addresses that always conform to
the following rules:
•Byte 0 = 0xC0
•Byte 1 = 0x00
•The first half of byte 2 = 0x0 to 0x7
Table 5-2 lists some common functional MAC addresses.
Table 5-2. Functional MAC Addresses
Function Name                 MAC Address (MSB)                       Identifying Bit                      Ethernet Address
Active Monitor                0xC000 0000 0001                        Byte 5, bit 7                        0x030000000080
Ring Parameter Server         0xC000 0000 0002                        Byte 5, bit 6                        0x030000000040
Ring Error Monitor            0xC000 0000 0008                        Byte 5, bit 4                        0x030000000010
Configuration Report Server   0xC000 0000 0010                        Byte 5, bit 3                        0x030000000008
NetBIOS                       0xC000 0000 0080                        Byte 5, bit 0                        0x030000000001
Bridge                        0xC000 0000 0100                        Byte 4, bit 7                        0x030000008000
LAN Manager                   0xC000 0000 2000                        Byte 4, bit 2                        0x030000000400
User-defined                  0xC000 0008 0000 to 0xC000 4000 0000    Byte 3, bits 0-4; Byte 2, bits 1-7   0x030000100000 to 0x030002000000
Specifying VINES Address Ranges
You specify VINES server address ranges in hexadecimal format. For example, if
the address of a VINES server is a2482c.0001, convert the value to hexadecimal
and specify the filter criteria range as 0xa2482c0001.
You can obtain a VINES server address as follows:
•From a sniffer trace
•By using the Technician Interface to obtain the value of the
wfVinesIfEntry.wfVinesIfAdr MIB object
Specifying Source and Destination SAP Code Ranges
Table 5-3 lists some common SAP codes. The SAP code consists of a 7-bit SAP
address and a 1-bit Command/Response field.
Table 5-3. SAP Codes
SAP Code              Description
00-01*                XID or TEST
02                    Individual Sublayer Management
03                    Group Sublayer Management
04-05, 08-09, 0C-0D   SNA
06                    IP
0E                    Proway Network Management
10                    Novell and SDLC Link Servers
20, 34, EC            CLNP ISO OSI
42                    BPDU
7E                    X.25 over 802.2 LLC2
80                    XNS
86                    Nestar
8E                    Active Station List
98                    ARP
AA                    SNAP
BC                    Banyan VIP
E0                    Novell IPX
F0                    IBM NetBIOS
F4, F5                LAN Network Manager
F8                    Remote Program Load
FC                    IBM RPL
FE                    ISO Network Layer
FF                    LLC Broadcast
* The Command/Response bit makes the 0x00 byte look like 0x01.
Use these values to specify a range for any Source or Destination SAP traffic filter
criteria.
Specifying Frame Relay NLPID Ranges
Table 5-4 lists some common Frame Relay network layer protocol ID (NLPID)
values. You use these values to specify ranges for NLPID criteria in an outbound
traffic filter.
Table 5-4. Frame Relay NLPIDs
NLPID (0x)   Description
CC*          IP
81, 82, 83   OSI
80           SNAP
* Use this value only to specify ranges for the criterion selected by choosing
Criteria > Add > IP > Frame Relay > NLPID on the Create Priority/Outbound
Template window. Do not use a data link criterion to specify IP traffic.
Specifying PPP Protocol ID Ranges
Table 5-5 lists some common PPP protocol ID values. See RFC 1700 for a
complete list. You use these values to specify ranges for Protocol ID criteria in an
outbound traffic filter.
Table 5-5. PPP Protocol IDs
Protocol ID (0x)   Description
0021*              IP
0023               OSI
0033               Stream Protocol (ST2)
* Use this value only to specify ranges for the criterion selected by choosing
Criteria > Add > IP > PPP > Protocol ID on the Create Priority/Outbound
Template window. Do not use a data link criterion to specify IP traffic.
Specifying TCP and UDP Port Ranges
Table 5-6 lists some common TCP port values to use when specifying TCP source
or destination port ranges in inbound or outbound IP traffic filters.
Table 5-6. Source and Destination TCP Ports
Description           TCP Port
FTP                   20, 21
Telnet                23
SMTP                  25
DNS                   53
Gopher                70
World Wide Web http   80 to 84
DLSw Read Port        2065
DLSw Write Port       2067
Table 5-7 lists some common UDP port values to use when specifying UDP
source or destination port ranges in inbound or outbound IP traffic filters.
Table 5-7. Source and Destination UDP Ports
Description   UDP Port
DNS           53
TFTP          69
SNMP          161
SNMPTRAP      162
Specifying Ethernet Type Ranges
Table 5-8 lists some common Ethernet Type codes to use when specifying
Ethertype ranges in inbound or outbound traffic filters. See RFC 1700 for a
complete list.
Table 5-8. Ethernet Type Codes
Description                                                  Ethernet Type Code
Bay Networks Synchronous Pass-Through                        80FF
Bay Networks Source Route Traffic (non-Token Ring media)     8101
Bay Networks Breath of Life Packet (BofL)                    8102
Bay Networks Transparent Bridge Traffic on Token Ring        8103
Bridged Ethernet over RFC 1490 Frame Relay                   0007
Bridged Token Ring over RFC 1490 Frame Relay                 0009
Bridged FDDI over RFC 1490 Frame Relay                       000A
Bridged PDUs over RFC 1490 Frame Relay                       000B
lists IP Type of Service codes. See RFC 1700 for information.
lists some common Protocol ID codes for IP
5-10
You use these codes to specify ranges for Protocol or Type of Service criteria in
inbound or outbound IP traffic filters. Select these criteria as follows:
• For an inbound traffic filter -- In either the Create IP Template or Edit IP
  Filters window, choose Criteria > Add > IP > Type of Service | Protocol ID.
• For an outbound traffic filter -- In either the Create Priority/Outbound
  Template window or Edit Priority/Outbound Filters window, choose
  Criteria > Add > IP > IP > Type of Service | Protocol.
Chapter 6
Applying Inbound Traffic Filters
This chapter describes how to use the Configuration Manager to configure
inbound traffic filters.
Topic                                              Page
Displaying the Inbound Traffic Filters Window      6-2
Preparing Inbound Traffic Filter Templates         6-3
Creating an Inbound Traffic Filter                 6-10
Editing an Inbound Traffic Filter                  6-11
Enabling or Disabling an Inbound Traffic Filter    6-15
Deleting an Inbound Traffic Filter                 6-16
Specifying User-Defined Criteria                   6-17
Changing Inbound Traffic Filter Precedence         6-18
To complete the procedures in this chapter, you must be familiar with
protocol-specific filtering criteria and actions. See Chapter 3 for this information.
Displaying the Inbound Traffic Filters Window
To apply inbound traffic filters to a particular interface, you first display the Filters
window for the protocol you are filtering.
To display the Filters window for all protocols except DLSw:
Site Manager Procedure
1. Display the Configuration Manager window.
2. Click on the circuit interface connector (for example, COM1, XCVR2).
   System responds: The Edit Connector window opens.
3. Click on Edit Circuit.
   System responds: The Circuit Definition window opens; the circuit you
   selected is highlighted.
4. Choose Protocols > Edit protocol > Traffic Filters. The menu path to the
   Filters window is protocol specific.
   System responds: The Filters window for the selected circuit
Although the Filters window is protocol specific, you use it the same way for all
protocols. Figure 6-1
shows the Bridge Filters window.
Figure 6-1. Inbound Traffic Filters Window
Preparing Inbound Traffic Filter Templates
To add an inbound traffic filter to a router interface, you apply a protocol-specific
traffic filter template to the circuit. However, you do not always need to create a
template; often, you can begin with an existing template. This section describes
how to prepare an inbound traffic filter template by:
• Creating a Template
• Customizing Templates
See “Creating an Inbound Traffic Filter” on page 6-10 to learn how to create the
filter by applying (saving) a filter template to an interface.
Creating a Template
To create an inbound traffic filter template:
Site Manager Procedure
1. Display the Filters window (Figure 6-1). See “Displaying the Inbound
   Traffic Filters Window.”
2. Click on Template.
   System responds: The Filter Template Management window opens (Figure 6-2).
3. Click on Create.
   System responds: The Create Template window for the protocol opens
   (Figure 6-3).
4. Specify a name for the new template in the Filter Name field.
   Use a descriptive name. For example, the name Drop_Telnet suggests the
   criterion and action to drop Telnet session requests from remote nodes.
5. Choose Criteria > Add > criterion.
   See Chapter 3 for information about the criteria for your protocol. Each
   filter template can use only one criterion.
   System responds: The Add Range window opens.
6. Specify a range for the selected criterion. To specify a hexadecimal
   number, use the prefix 0x.
   You must specify at least one range. If the range consists of just one
   value, specify that value in the Minimum value field. See Chapter 5 for
   information about common traffic filter ranges.
7. Click on OK.
   System responds: The Add Range window closes. The criterion and range
   appear in the Filter Information field of the Create Template window.
8. To add more ranges, choose Range > Add. Then, repeat steps 6 and 7.
   You can add up to 100 ranges for each criterion.
9. Choose Action > Add > action.
10. Click on OK.
   System responds: The Filter Template Management window opens (Figure 6-2).
   The template appears in the templates list.
Figure 6-2. Filter Template Management Window
Figure 6-3. Create Template Window
Customizing Templates
There are two ways to customize a filter template:
• Copy an existing template, rename it, and then edit it.
  This preserves the original template and creates an entirely new template with
  the same criteria and actions. You can then modify the new template to suit
  your needs.
• Edit an existing template.
  If you do not need to preserve the original template, you can edit it without
  first copying and renaming it. (Changing a template does not affect interfaces
  to which the template has already been applied.)
Note: You can also edit or copy a template using a text editor. The
Configuration Manager stores all templates in the file template.flt.
Copying a Template
To duplicate an existing template:
Site Manager Procedure
1. Display the Filters window (Figure 6-1). See “Displaying the Inbound
   Traffic Filters Window.”
2. Click on Template.
   System responds: The Filter Template Management window opens (Figure 6-2).
3. Select a template.
4. Click on Copy.
   System responds: The Copy Filter Template window opens.
5. Specify a name for the new template.
   Be sure to use a name that reflects its contents.
6. Click on OK.
   System responds: The Filter Template Management window opens. The new
   template appears in the templates list.
Editing a Template
After you create or copy a template, edit it as follows:
Site Manager Procedure
1. Select a template in the Filter Template Management window.
2. Click on Edit.
   System responds: The Edit Template window for the protocol opens
   (Figure 6-4).
3. Add or delete predefined criteria, ranges, and actions (Table 6-1).
4. Click on OK.
   System responds: The Filter Template Management window opens (Figure 6-2).
5. Click on Done.
   System responds: The Filters window opens (Figure 6-1).
Table 6-1 describes how to add, delete, or modify predefined criteria, ranges, and
actions in the Edit Template window (Figure 6-4).
To add a user-defined criterion, see “Specifying User-Defined Criteria” on
page 6-17.
Figure 6-4. Edit Template Window
Table 6-1. Using the Edit Template Window

Task: Add a criterion
Site Manager Procedure:
1. Choose Criteria > Add > criterion. The Add Range window opens.
2. Type a range in the Minimum value and Maximum value fields, then click on OK.
Notes: A template can have only one criterion. You must specify at least one
range in a template.

Task: Delete a criterion
Site Manager Procedure:
1. Select the criterion to delete in the Filter Information field.
2. Click on Delete. The Delete Criteria window opens.
3. Click on Delete.
Notes: A template must have a criterion. Specify a new criterion after
deleting one.

Task: Add a range
Site Manager Procedure:
1. Select the criterion in the Filter Information field.
2. Click on Add. The Add Range window opens.
3. Type a range in the Minimum value and Maximum value fields, then click on OK.
Notes: You can add up to 100 ranges. If the range consists of a single value,
type the value in the Minimum value field only. Use the prefix 0x to specify a
hexadecimal number. Zero is not a valid entry.

Task: Modify a range
Site Manager Procedure:
1. Select the range to modify in the Filter Information field.
2. Click on Modify.
3. Type new values in the Range Min and Range Max fields.
Notes: Ranges are listed below the criterion in the Filter Information field.
Selected ranges appear in the Range Min and Range Max fields at the bottom of
the Edit Template window.

Task: Delete a range
Site Manager Procedure:
1. Select the range to delete in the Filter Information field.
2. Click on Delete. The Delete Range window opens.
3. Click on Delete.
Notes: You must specify at least one range for each criterion.

Task: Add an action
Site Manager Procedure:
1. Choose Action > Add > action.
Notes: With the exception of the Log action, each template has only one action.

Task: Delete an action
Site Manager Procedure:
1. Select an action in the Filter Information field.
2. Click on Delete. The Delete Action window opens.
3. Click on Delete.
Notes: You must specify at least one action in a template.

Task: Save the template
Site Manager Procedure:
1. Click on OK. The Filter Template Management window opens.
Notes: Be sure you have specified:
• Only one criterion
• Only one action
• 1-100 ranges
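The rules in Table 6-1 can be checked mechanically before a template is saved. The following is an added example, not part of the original manual or of Site Manager; the dictionary layout, the function names, and the criterion and action strings are assumptions made for illustration, and it does not read or write template.flt.

```python
MAX_RANGES = 100  # Table 6-1: a template holds 1-100 ranges

def parse_value(text):
    """Parse one range field: decimal, or hexadecimal with the 0x prefix."""
    text = text.strip()
    value = int(text, 16) if text.lower().startswith("0x") else int(text, 10)
    if value == 0:
        raise ValueError("zero is not a valid entry")
    return value

def parse_range(minimum, maximum=""):
    """A single value is typed in the Minimum value field only."""
    low = parse_value(minimum)
    high = parse_value(maximum) if maximum.strip() else low
    if high < low:  # assumption: the manual does not state this rule
        raise ValueError("maximum is below minimum")
    return low, high

def check_template(template):
    """Return the list of Table 6-1 rules the template breaks (empty = OK)."""
    problems = []
    if len(template.get("criteria", [])) != 1:
        problems.append("exactly one criterion is required")
    ranges = template.get("ranges", [])
    if not 1 <= len(ranges) <= MAX_RANGES:
        problems.append("1-100 ranges are required")
    for fields in ranges:
        try:
            parse_range(*fields)
        except ValueError as exc:
            problems.append(f"range {fields!r}: {exc}")
    actions = template.get("actions", [])
    if not actions:
        problems.append("at least one action is required")
    if len([a for a in actions if a != "Log"]) > 1:
        problems.append("only one action besides Log is allowed")
    return problems

# Constructed sample: hypothetical layout and criterion/action names.
DROP_TELNET = {
    "criteria": ["TCP Destination Port"],
    "ranges": [("23",)],            # Telnet, Table 5-6
    "actions": ["Drop", "Log"],
}

if __name__ == "__main__":
    print(check_template(DROP_TELNET))                      # no violations
    print(check_template({**DROP_TELNET, "ranges": [("0x0",)]}))
```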
Creating an Inbound Traffic Filter
You create an inbound traffic filter by applying a filter template to an interface.
Note: You should create the filters on an interface in order of precedence. The
first filter you create has the highest precedence and a rule number of 1.
Subsequent filters that you create have lower precedence. For more
information, see “Changing Inbound Traffic Filter Precedence” on page 6-18.
To create an inbound traffic filter:
Site Manager Procedure
1. Display the Filters window (Figure 6-1). See “Displaying the Inbound
   Traffic Filters Window” on page 6-2.
2. Click on Create.
   System responds: The Create Filter window opens (Figure 6-5).
3. Select a circuit in the Interfaces field.
4. Select a template in the Templates field.
   If the Templates field is empty, complete the steps in “Preparing Inbound
   Traffic Filter Templates” on page 6-3.
5. In the Filter Name field, specify a name for the new filter.
   It can be helpful to include the circuit name to differentiate the template
   from the filter. For example, specify Drop_Telnet_S42 as the name of a
   filter that drops inbound Telnet traffic on the synchronous circuit S42.
6. Click on OK.
   System responds: The Filters window opens.
Figure 6-5. Create Filter Window
Editing an Inbound Traffic Filter
After you apply an inbound traffic filter to an interface, you can edit its criterion,
ranges, or action. If you used a template that you edited to suit your needs, you
may not need to make further edits.
When you customize a filter, you have the following options:
• Add or delete predefined criteria
• Add or delete user-defined criteria
• Add or delete actions
• Add, modify, or delete ranges
To add a user-defined criterion, see “Specifying User-Defined Criteria” later in
this chapter.
To add predefined criteria, ranges, and actions, or delete any criterion, range, or
action:
Site Manager Procedure
1. Display the Filters window (Figure 6-1). See “Displaying the Inbound
   Traffic Filters Window” on page 6-2.
2. Select a filter.
3. Click on Edit.
   System responds: The Edit Filters window opens (Figure 6-6).
4. Add or delete predefined criteria, ranges, and actions (Table 6-2).
5. Click on OK.
   System responds: The Filters window opens.
Table 6-2 describes how to add, delete, or modify predefined criteria, ranges, and
actions in the Edit Filters window (Figure 6-6).