.svg?sv=2022-11-02&spr=https&st=2024-09-19T23%3A57%3A04Z&se=2024-09-20T00%3A07%3A04Z&sr=c&sp=r&sig=mc1Zq9EAtVtkMHajuoF2os1LQBpfSmbLE3zjZidHnm8%3D){kind=logo}
Defining Filters
- 07 Apr 2022
- 16 Minutes to read
- Contributors
- Print
- PDF
Defining Filters
- Updated on 07 Apr 2022
- 16 Minutes to read
- Contributors
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
You can set up a specific filter (Layer-2, IPv4 or IPv6) for use with loopbacks, measuring bandwidth utilization per flow or traffic policies. By using such a filter, you can loop back traffic or set up a traffic policy based on specific characteristics such as Ethernet Header settings, VLAN settings and DSCP for Layer-2 filters, or based on IPv4/IPv6 Header settings, UDP/TCP settings and VLAN settings. You can also use the preconfigured Layer-2, IPv4 or IPv6 filters.
Note: The maximum number of traffic policies using a specific filter (Layer-2 filter, IPv4 or IPv6 filter) is limited by the type of unit you use. Refer to your unit’s datasheet for the maximum number of supported traffic policies.
Configuring a Layer-2 Filter
To set up a Layer-2 filter
Access the page Traffic ▶ Filters ▶ L2 Filters.
A summary of all Layer-2 filters that are currently set up is displayed. For more information on specific parameters, refer to the table at the end of this procedure.
The total number of filters found in the system is given in the lower-left corner of the page, as well as the index values of the items currently displayed on-screen (for example, [1-25] of 54). Use the page navigation links in the lower-right corner of the page to move between the pages of results.
Note: Commonly-used filters have been predefined for your convenience.Click Add to add a new filter or click the Filter Name of an existing Layer-2 filter to edit its settings.
Check the appropriate check box to enable this field, complete the required fields, then click Add.
Notes:For all fields, check the box to enable the field. If the check box is not selected, the value will be ignored.
You can specify several VLAN fields for the first VLAN (VLAN 1) as well as for the second level VLAN (VLAN in VLAN).
For more information on specific parameters, refer to the following tables.
Layer-2 Filters (Traffic ▶ Filters ▶ L2 Filters)
| Parameter | Description |
|---|---|
| L2 Filter name | A unique name to identify the filter |
Ethernet Header Settings
| Parameter | Description |
|---|---|
| MAC destination / mask | The destination MAC address and mask. Only the bits specified by the mask are used; the other bits are ignored. Address Format: Six pairs of hexadecimal digits, separated by colons (xx:xx:xx:xx:xx:xx). |
| Remote Device MAC | Enable this box to automatically assign the remote device's own MAC address as the frames' destination address. Using the remote device's MAC address means you do not have to create a filter per device when several devices share the same loopback. |
| MAC source / mask | The source MAC address and mask. Only the bits specified by the mask are used; the other bits are ignored. Address Format: Six pairs of hexadecimal digits, separated by colons (xx:xx:xx:xx:xx:xx). |
| Encapsulated Ethertype | Protocol may be selected or entered manually (hexadecimal):
|
| VLAN Stack Size | Enable this box, then make a selection in the drop-down list to indicate the number of VLAN tags that packets must have in order to match this filter. |
VLAN and VLAN-in-VLAN Settings
| Parameter | Description |
|---|---|
| Ethertype | The VLAN Ethernet Type may be one of the following:
|
| CFI/DEI | The Canonical Format Indicator (CFI) or the Drop Eligibility Indicator (DEI). This value should always be set to zero for connections to Ethernet switches. CFI is used to ensure compatibility between Ethernet type networks and Token Ring type networks. If a frame received at an Ethernet port has a CFI set to 1, the frame should not be forwarded "as-is" to an untagged port. In the context of bandwidth regulation, DEI can be used to carry the frame color. When set to 0, the frame is green; when set to 1 the frame is yellow. |
| Priority | VLAN priority allows provisioning CoS prioritization using the standard 802.1Q priority tag. Interpreting the priorities is based on the carrier's equipment and administrative policies. The valid operator types are:
Note: You can set only one VLAN (VLAN or VLAN-in-VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN). |
| VLAN ID | The VLAN ID used to filter traffic. The valid operator types are:
Note: You can set only one VLAN (VLAN or VLAN-in-VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN). |
DSCP/IP Precedence
| Parameter | Description |
|---|---|
| DSCP/IP Precedence | The DSCP/IP precedence operator. The valid operator types are:
Note: You can set only one VLAN (VLAN or VLAN-in-VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN). |
Configuring an IPv4 Filter
To set up an IPv4 filter
Access the page Traffic ▶ Filters ▶ IPv4 Filters.
A summary of all IPv4 filters that have been set up is displayed. For more information on specific parameters, refer to the table at the end of this procedure.
The total number of filters found in the system is given in the lower-left corner of the page, as well as the index values of the items currently displayed on screen (for example, [1-25] of 54). Use the page navigation links in the lower-right corner of the page to move between the pages of results.
Note: Commonly-used filters have been predefined for your convenience.Click the Add button to add a new filter, or click the Filter Name of an existing IPv4 filter to edit its settings.
Check the appropriate check box to enable this field, complete the required fields, then click Add.
Notes:For all fields, check the box to enable the field. If the check box is not selected, the value will be ignored.
You can specify several VLAN fields for the first VLAN (VLAN 1), as well as for the second-level VLAN (VLAN in VLAN).
For more information on specific parameters, refer to the following tables.
IPv4 Filters (Traffic ▶ Filters ▶ IPv4 Filters)
| Parameter | Description |
|---|---|
| IPv4 Filter name | A unique name used to identify the filter |
IPv4 Header Settings
| Parameter | Description |
|---|---|
| IPv4 source / mask | The source address and mask. Only the bits specified by the mask are used; the other bits are ignored. Note: Filtering source or destination IP addresses that are assigned by Dynamic Host Control Protocol (DHCP) can be problematic. It is recommended to only specify static or reserved IP addresses in a filter, otherwise the filter must be updated manually whenever the addresses change. |
| IPv4 destination / mask | The destination address and mask. Only the bits specified by the mask are used. The other bits are ignored. Note: Filtering source or destination IP addresses that are assigned by Dynamic Host Control Protocol (DHCP) can be problematic. It is recommended to only specify static or reserved IP addresses in a filter, otherwise the filter must be updated manually whenever the addresses change. |
| TTL | The time-to-live value |
| ECN | Explicit Congestion Notification. Specify either 0 or 3. |
| Header length | The header length, expressed in 32-bit words. Specify a value in the range of 5–15. |
| Protocol | Either select a protocol from the drop-down list or enter a port number (decimal value) manually. Common protocols:
|
| MPLS Header Presence | Select this box to take MPLS headers into account when filtering incoming packets. If this box is enabled, you must also make a selection from the dropdown list to indicate whether or not these headers should be present:
Note: Applies to both the Ethertype 0x8847 (MPLS Unicast) and Ethertype 0x8848 (MPLS Multicast). |
UDP/TCP Port Settings
| Parameter | Description |
|---|---|
| Source Port | Enable this box to specify the UDP or TCP port number (or range of port numbers) to be used by the IPv4 source port field. Make a selection from the drop-down list, depending on how many source ports you want to specify:
|
| Destination Port | Enable this box to specify the UDP or TCP port number (or range of port numbers) to be used by the IPv4 destination port field. Make a selection from the drop-down list, depending on how many source ports you want to specify:
|
ICMP Settings
| Parameter | Description |
|---|---|
| ICMP Type | Enables the use of ICMP. You must specify the ICMP message type to be matched by this filter. Note: These settings are only valid when the "Protocol" parameter is set to ICMP (1). Some well-known ICMP types are:
Other ICMP types: See www.iana.org/ |
| ICMP Code | Enables the use of the ICMP code |
Ethernet Header Settings
| Parameter | Description |
|---|---|
| VLAN Stack Size | Enable this box, then make a selection in the drop-down list to indicate the number of VLAN tags that packets must have in order to match this filter. |
VLAN and VLAN-in-VLAN Settings
| Parameter | Description |
|---|---|
| Ethertype | The VLAN Ethernet Type may be one of the following:
|
| CFI/DEI | The Canonical Format Indicator (CFI) or the Drop Eligibility Indicator (DEI). This value should always be set to zero for connections to Ethernet switches. CFI is used to ensure compatibility between Ethernet type networks and Token Ring type networks. If a frame received at an Ethernet port has a CFI set to 1, the frame should not be forwarded "as-is" to an untagged port. In the context of bandwidth regulation, DEI can be used to carry the frame color. When set to 0, the frame is green; when set to 1 the frame is yellow. |
| Priority | Enable this box to specify the priority. VLAN priority allows provisioning CoS prioritization using the standard 802.1Q priority tag. Interpreting the priorities is based on the carrier's quipment and administrative policies. The valid operator types are:
The possible values for each operator are: 0 to 7. Note: You can set only one VLAN (VLAN or VLAN-in-VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN). |
| VLAN ID | The VLAN ID used to filter traffic. The valid operator types are: The valid operator types are:
The possible values for each operator are: 0 to 7. Note: You can set only one VLAN (VLAN or VLAN-in-VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN). |
DSCP/IP Precedence
| Parameter | Description |
|---|---|
| DSCP/IP precedence | The DSCP/IP precedence operator. The valid operator types are: The valid operator types are: The valid operator types are:
|
Configuring an IPv6 Filter
To set up an IPv6 filter
Access the page Traffic ▶ Filters ▶ IPv6 Filters.
A summary of all IPv6 filters that have been set up is displayed. For more information on specific parameters, refer to the table at the end of this procedure.
The total number of filters found in the system is given in the lower-left corner of the page, as well as the index values of the items currently displayed on-screen (for example, [1-25] of 54). Use the page navigation links in the lower-right corner of the page to move between the pages of results.
Click the Add button to add a new filter, or click the Filter Name of an existing IPv6 filter to edit its settings.
Check the appropriate check box to enable this field, complete the required fields, then click Add.
Notes:For all fields, check the box to enable the field. If the check box is not selected, the value will be ignored.
You can specify several VLAN fields for the first VLAN (VLAN 1), as well as for the second-level VLAN (VLAN in VLAN).
For more information on specific parameters, refer to the following tables.
IPv6 Filters (Traffic ▶ Filters ▶ IPv6 Filters)
| Parameter | Description |
|---|---|
| IPv6 Filter name | A unique name used to identify the filter |
IPv6 Header Settings
| Parameter | Description |
|---|---|
| IPv6 source / mask | The source address and prefix. Only the bits specified by the prefix are used; the other bits are ignored. Note: Filtering source or destination IP addresses that are assigned by Dynamic Host Control Protocol version 6 (DHCPv6) can be problematic. It is recommended to only specify static or reserved IP addresses in a filter, otherwise the filter must be updated manually whenever the addresses change. |
| IPv6 destination / prefix | The destination address and prefix. Only the bits specified by the prefix are used. The other bits are ignored. Note: Filtering source or destination IP addresses that are assigned by Dynamic Host Control Protocol version 6 (DHCPv6) can be problematic. It is recommended to only specify static or reserved IP addresses in a filter, otherwise the filter must be updated manually whenever the addresses change. |
| Hop Limit | The current value of the hop limit Valid values range from 0 to 255. Note: This field is the IPv6 equivalent of the IPv4 field "Time to Live (TTL)". |
| Next Header | Select this box to filter on packets that contain a Next Header field that references the protocol indicated in the drop-down list to the right. Notes: The decimal value indicated to the right of the drop-down list is refreshed automatically after you make your selection. As an alternative, you can enter the value associated with the protocol instead of selecting it from the list. This field is the IPv6 equivalent of the IPv4 field "Protocol". |
| MPLS Header Presence | Select this box to take MPLS headers into account when filtering incoming packets. If this box is enabled, you must also make a selection from the dropdown list to indicate whether or not these headers should be present:
Note: Applies to both the Ethertype 0x8847 (MPLS Unicast) and Ethertype 0x8848 (MPLS Multicast). |
UDP/TCP Port Settings
| Parameter | Description |
|---|---|
| Source Port | Enable this box to specify the UDP or TCP port number (or range of port numbers) to be used by the IPv6 source port field. This setting is valid only when the Protocol is set to TCP (6) or UDP (17). |
| Destination Port | Enable this box to specify the UDP or TCP port number (or range of port numbers) to be used by the IPv6 destination port field. This setting is valid only when the Protocol is set to TCP (6) or UDP (17). |
ICMPv6 Settings
| Parameter | Description |
|---|---|
| ICMPv6 Type | Enables the use of ICMPv6. You must specify the ICMPv6 message type to be matched by this filter. Note : These settings are only valid when the "Next Header" parameter is set to ICMPv6 (58). Some well-known ICMPv6 types are:
Other ICMP types: See www.iana.org/ |
| ICMPv6 Code | Enables the use of the ICMPv6 code |
Ethernet Header Settings
| Parameter | Description |
|---|---|
| VLAN Stack Size | Enable this box, then make a selection in the drop-down list to indicate the number of VLAN tags that packets must have in order to match this filter. |
VLAN and VLAN-in-VLAN Settings
| Parameter | Description |
|---|---|
| Ethertype | The VLAN Ethernet Type may be one of the following:
|
| CFI/DEI | The Canonical Format Indicator (CFI) or the Drop Eligibility Indicator (DEI). This value should always be set to zero for connections to Ethernet switches. CFI is used to ensure compatibility between Ethernet type networks and Token Ring type networks. If a frame received at an Ethernet port has a CFI set to 1, the frame should not be forwarded "as-is" to an untagged port. In the context of bandwidth regulation, DEI can be used to carry the frame color. When set to 0, the frame is green; when set to 1 the frame is yellow. |
| Priority | Enable this box to specify the priority. VLAN priority allows provisioning CoS prioritization using the standard 802.1Q priority tag. Interpreting the priorities is based on the carrier's quipment and administrative policies. The valid operator types are:
The possible values for each operator are: 0 to 7. Note: You can set only one VLAN (VLAN or VLAN-in-VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN). |
| VLAN ID | The VLAN ID used to filter traffic. The valid operator types are: The valid operator types are:
The possible values for each operator are: 0 to 7. Note: You can set only one VLAN (VLAN or VLAN-in-VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN). |
DSCP/IP Precedence
| Parameter | Description |
|---|---|
| DSCP/IP precedence | The DSCP/IP precedence operator. The valid operator types are: The valid operator types are: The valid operator types are:
|
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks
Was this article helpful?