Defining Filters
  • 09 Aug 2024
  • 16 Minutes to read
  • Contributors
  • PDF

Defining Filters

  • PDF

Article summary

You can set up a specific filter (Layer-2, IPv4 or IPv6) for use with loopbacks or flows. By using such a filter, you can loop back traffic or set up a flow based on specific characteristics such as Ethernet Header settings, VLAN settings and DSCP for Layer-2 filters, or based on IPv4 or IPv6 Header settings, settings and VLAN settings. You can also use the preconfigured Layer-2, IPv4 or IPv6 filters.


Note: The maximum number of flows using a specific filter (Layer-2, IPv4 or IPv6) is limited by the type of unit you use. Refer to your unit’s datasheet for the maximum number of traffic policiesflows.

Configuring a Layer-2 Filter

To set up a Layer-2 filter

  1. Access the page Traffic ▶Filters ▶L2 Filters.
    A summary of all Layer-2 filters that are currently set up is displayed. For more information on specific parameters, refer to the table at the end of this procedure. The total number of filters found in the system is given in the lower-left corner of the page, as well as the index values of the items currently displayed on-screen (for example, [1–25] of 54). Use the page navigation links in the lower-right corner of the page to move between the pages of results.


    Note: Commonly-used filters have been predefined for your convenience.

  2. Click Add to add a new filter or click the Filter Name of an existing Layer-2 filter to edit its settings.


    Note: When you edit an existing Layer-2 filter, the changes that you make are not applied to loopbacks in use when you click Add. If you want those loopbacks to use the modified Layer-2 filter, you need to disable the loopback and re-enable it (See Setting Up and Enabling Loopbacks on page 372). For traffic policies, the changes you make are applied immediately when you click Add.

  3. Check the appropriate check box to enable this field, complete the required fields, then click Add.


    Notes:
    When making changes to any parameter of an in-use filter (filter associated to an active policy or an active OAM loopback), the following message will be displayed "Configuration changes are service affecting. Are you sure you want to proceed?". Click OK to proceed with your changes or Cancel to go back to the previous screen.
    For all fields, check the box to enable the field. If the check box is not selected, the value will be ignored. You can specify several VLAN fields for the first VLAN (VLAN 1) as well as for the second level VLAN (VLAN in VLAN).

For more information on specific parameters, refer to the following tables.

Layer-2 Filters (Traffic ▶Filters ▶L2 Filters)

ParameterDescription
L2 Filter Name/Filter NameA unique name to identify the filter

Ethernet Header Settings

ParameterDescription
MAC Destination/MaskThe destination MAC address and mask. Only the bits specified by the mask are used; the other bits are ignored.

Address Format: Six pairs of hexadecimal digits, separated by colons (xx:xx:xx:xx:xx:xx).

MAC Source/MaskThe source MAC address and mask. Only the bits specified by the mask are used; the other bits are ignored.

Address Format: Six pairs of hexadecimal digits, separated by colons (xx:xx:xx:xx:xx:xx).

Encapsulated EthertypeProtocol may be selected or entered manually (hexadecimal):
  • IPv4 (0x0800)
  • X.25 Layer3 (0x0805)
  • ARP (0x0806)
  • REVARP (0x8035)
  • IPX (0x8137)
  • SNMP (0x814C)
  • WCP (0x80FF)
  • IPv6 (0x86DD)
  • MAC Control (0x8808)
  • MAC Protocol (0x22E2)
  • PPP (0x880B)
  • MPLS (0x8847)
  • MPLS Multicast (0x8848)
  • PPPOE Discovery (0x8863)
  • PPPOE Session (0x8864)
  • VLAN (0x8100)
  • VLAN (0x88A8)
  • LLDP (0x88CC)
  • 3GPP2 (0x88d2)
VLAN Stack SizeEnable this box, then make a selection in the drop-down list to indicate the number of VLAN tags that packets must have in order to match this filter.

VLAN and VLAN-in-VLAN Settings

ParameterDescription
EthertypeThe VLAN Ethernet Type may be one of the following:
  • C-VLAN: Customer VLAN (typically the inner tag).
  • S-VLAN: Service VLAN (typically the outer tag).
  • T-VLAN: Tunnel VLAN (either the inner or outer tag).
  • Any: Choose this option so filters will allow frames with C-VLAN, S-VLAN or T-VLAN tags through.
Note: Access the page System ►Configuration ►Mode to set the value for the S-VLAN Ethertype. For details, see "Configuring General System Settings".
CFI/DEIThe Canonical Format Indicator (CFI) or the Drop Eligibility Indicator (DEI). This value should always be set to zero for connections to Ethernet switches.

CFI is used to ensure compatibility between Ethernet type networks and Token Ring type networks. If a frame received at an Ethernet port has a CFI set to 1, the frame should not be forwarded as-is to an untagged port.

In the context of bandwidth regulation, DEI can be used to carry the frame color. When set to 0, the frame is green; when set to 1, the frame is yellow.

PriorityVLAN priority allows provisioning CoS prioritization using the standard 802.1Q priority tag. Interpreting the priorities is based on the carrier's equipment and administrative policies. The valid operator types are:
  • Greater than
  • Less than
  • Equal to
  • Range (inclusive range)
The possible values for each operator are: 0 to 7.

Note: You can set only one VLAN (VLAN or VLAN-in-VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN).

VLAN IDThe VLAN ID used to filter traffic. The valid operator types are:
  • Greater than
  • Less than
  • Equal to
  • Range (inclusive range)
Note: You can set only one VLAN (VLAN or VLAN-in-VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN).

DSCP/IP Precedence

ParameterDescription
DSCP/IP PrecedenceThe DSCP/IP precedence operator. The valid operator types are:
  • Greater than
  • Less than
  • Equal to
  • Range (inclusive range)
Note: For this parameter to function as expected, you must also enable the Ethertype parameter and set its value to "IPv4 (0x800) or IPv6 (0x86dd)".

Configuring an IPv4 Filter

To set up an IPv4 filter

  1. Access the page Traffic ▶Filters ▶IPv4 Filters.
    A summary of all IPv4 filters that have been set up is displayed. For more information on specific parameters, refer to the table at the end of this procedure. The total number of filters found in the system is given in the lower-left corner of the page, as well as the index values of the items currently displayed on-screen (for example, [1-25] of 54). Use the page navigation links in the lower-right corner of the page to move between the pages of results.


    Note: Commonly-used filters have been predefined for your convenience.

  2. Click the Add button to add a new filter or click the Filter Name of an existing IPv4 filter to edit its settings.


    Note: When you edit an existing IPv4 filter, the changes that you make are not applied to loopbacks in use when you click Add. If you want those loopbacks to use the modified IPv4 filter, you need to disable the loopback and re-enable it (See Setting Up and Enabling Loopbacks on page 372). For traffic policies, the changes you make are applied immediately when you click Add.

  3. Check the appropriate check box to enable this field, complete the required fields, then click Add.


    Notes: When making changes to any parameter of an in-use filter (filter associated to an active policy or an active OAM loopback), the following message will be displayed "Configuration changes are service affecting. Are you sure you want to proceed?". Click OK to proceed with your changes or Cancel to go back to the previous screen. For all fields, check the box to enable the field. If the check box is not selected, the value will be ignored.

    You can specify several VLAN fields for the first VLAN (VLAN 1), as well as for the second-level VLAN (VLAN in VLAN).


For more information on specific parameters, refer to the following table.

IPv4 Filters (Traffic ▶Filters ▶IPv4 Filters)

ParameterDescription
IPv4 Filter Name

Filter Name

A unique name used to identify the filter.
ParameterDescription
IPv4 Source/Mask

IP Source

The source address and mask. Only the bits specified by the mask are used; the other bits are ignored.

Note: Filtering source or destination IP addresses that are assigned by Dynamic Host Control Protocol (DHCP) can be problematic. It is recommended to only specify static or reserved IP addresses in a filter, otherwise the filter must be updated manually whenever the addresses change.

IPv4 Destination/Mask

IP Destination

The destination address and mask. Only the bits specified by the mask are used. The other bits are ignored.

Note: Filtering source or destination IP addresses that are assigned by Dynamic Host Control Protocol (DHCP) can be problematic. It is recommended that you only specify static or reserved IP addresses in a filter. Otherwise the filter must be updated manually whenever the addresses change.

TTLThe time-to-live value.
ECNExplicit Congestion Notification. Specify either 0 or 3.
Header LengthThe header length, expressed in 32-bit words. Specify a value in the range of 5–15.
ProtocolEither select a protocol from the drop-down list or enter a port number (decimal value) manually.

Common protocols:

  • TCP (6): Used by HTTP, FTP, Telnet and SMTP.
  • UDP (17): Used by DNS, SNMP and RIP.
  • UDP (17): Used by DNS, SNMP and RIP.
Available protocols [protocol name (port number)]:
  • ICMP (1)
  • IGMP (2)
  • IP (4)
  • TCP (6)
  • EGP (8)
  • IGP (9)
  • UDP (17)
  • IPv6 (41)
  • SDRP (42)
  • IPv6-Route (43)
  • IPv6-Frag (44)
  • IDRP (45)
  • RSVP (46)
  • GRE (47)
  • MHRP (48)
  • ESP (50)
  • AH (51)
  • MOBILE (55)
  • SKIP (57)
  • EIGRP (88)
  • OSPFIG (89)
  • IPComp (108)
  • VRRP (112)
  • Custom

UDP/TCP Port Settings

ParameterDescription
Source PortEnable this box to specify the UDP or TCP port number (or range of port numbers) to be used by the IPv4 source port field.

This setting is valid only when the Protocol is set to TCP (6) or UDP (17).

Destination PortEnable this box to specify the UDP or TCP port number (or range of port numbers) to be used by the IPv4 destination port field.

This setting is valid only when the Protocol is set to TCP (6) or UDP (17).

ICMP Settings

ParameterDescription
ICMP TypeEnables the use of ICMP. You must specify the ICMP message type to be matched by this filter.

Note: These settings are only valid when the Protocol parameter is set to ICMP (1).

Some well-known ICMP types are:

  • Echo Reply (0)
  • Destination Unreachable (3)
  • Redirect (5)
  • Echo (8)
  • Time Exceeded (11)
Other ICMP Codes: See www.iana.org/
ICMP CodeEnables the use of the ICMP code

Ethernet Header Settings

ParameterDescription
VLAN Stack SizeEnable this box, then make a selection from the drop-down list to indicate the number of VLAN tags that packets must have in order to match this filter.

VLAN and VLAN-in-VLAN Settings

ParameterDescription
EthertypeThe VLAN Ethernet Type may be one of the following:
  • C-VLAN: Customer VLAN (typically the inner tag).
  • S-VLAN: Service VLAN (typically the outer tag).
  • T-VLAN: Tunnel VLAN (either the inner or outer tag).
  • Any: Choose this option so filters will allow frames with C-VLAN, S-VLAN or T-VLAN tags through.
Note: Access the page System ►Configuration ►Mode to set the value for the S-VLAN Ethertype. For details, see "Configuring General System Settings".
CFI/DEIThe Canonical Format Indicator (CFI) or the Drop Eligibility Indicator (DEI). This value should always be set to zero for connections to Ethernet switches.

CFI is used to ensure compatibility between Ethernet type networks and Token Ring type networks. If a frame received at an Ethernet port has a CFI set to 1, the frame should not be forwarded as-is to an untagged port.

In the context of bandwidth regulation, DEI can be used to carry the frame color. When set to 0, the frame is green; when set to 1, the frame is yellow.

PriorityVLAN priority allows provisioning CoS prioritization using the standard 802.1Q priority tag. Interpreting the priorities is based on the carrier's equipment and administrative policies. The valid operator types are:
  • Greater than
  • Less than
  • Equal to
  • Range (inclusive range)
The possible values for each operator are: 0 to 7.

Note: You can set only one VLAN (VLAN or VLAN-in-VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN).

VLAN IDThe VLAN ID used to filter traffic. The valid operator types are:
  • Greater than
  • Less than
  • Equal to
  • Range (inclusive range)
Note: You can set only one VLAN (VLAN or VLAN-in-VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN).

DSCP/IP Precedence

ParameterDescription
DSCP/IP PrecedenceThe DSCP/IP precedence operator. The valid operator types are:
  • Greater than
  • Less than
  • Equal to
  • Range (inclusive range)

Configuring an IPv6 Filter

To set up an IPv6 filter

  1. Access the page Traffic ▶Filters ▶IPv6 Filters.
    A summary of all IPv6 filters that have been set up is displayed. For more information on specific parameters, refer to the table at the end of this procedure. The total number of filters found in the system is given in the lower-left corner of the page, as well as the index values of the items currently displayed on-screen (for example, [1–25] of 54). Use the page navigation links in the lower-right corner of the page to move between the pages of results.


    Note: Commonly-used filters have been predefined for your convenience.

  2. Click the Add button to add a new filter or click the Filter Name of an existing IPv6 filter to edit its settings.


    Note: When you edit an existing IPv6 filter, the changes that you make are not applied to loopbacks in use when you click Add. If you want those loopbacks to use the modified IPv6 filter, you need to disable the loopback and re-enable it ("Setting Up and Enabling Loopbacks"). For traffic policies, the changes you make are applied immediately when you click Add.

  3. Check the appropriate check box to enable this field, complete the required fields, then click Add.


Notes: When making changes to any parameter of an in-use filter (filter associated to an active policy or an active OAM loopback), the following message will be displayed "Configuration changes are service affecting. Are you sure you want to proceed?". Click OK to proceed with your changes or Cancel to go back to the previous screen.
For all fields, check the box to enable the field. If the check box is not selected, the value will be ignored.
You can specify several VLAN fields for the first VLAN (VLAN 1), as well as for the second-level VLAN (VLAN in VLAN).

For more information on specific parameters, refer to the following tables.

IPv6 Filters (Traffic ▶Filters ▶IPv6 Filters)

ParameterDescription
IPv6 Filter Name

Filter Name

A unique name used to identify the filter.

IPv6 Header Settings

ParameterDescription
IPv6 Source/Prefix

IPv6 Source

The source address and prefix. Only the bits specified by the prefix are used; the other bits are ignored.

Note: Filtering source or destination IP addresses that are assigned by Dynamic Host Control Protocol version 6 (DHCPv6) can be problematic. It is recommended to only specify static or reserved IP addresses in a filter, otherwise the filter must be updated manually whenever the addresses change.

IPv6 Destination/Prefix

IPv6 Destination

The destination address and prefix. Only the bits specified by the prefix are used; the other bits are ignored.

Note: Filtering source or destination IP addresses that are assigned by Dynamic Host Control Protocol version 6 (DHCPv6) can be problematic. It is recommended to only specify static or reserved IP addresses in a filter, otherwise the filter must be updated manually whenever the addresses change.

Hop LimitThe current value of the hop limit

Valid values range from 0–255.

Note: This field is the IPv6 equivalent of the IPv4 field "Time to Live" (TTL)".

Next HeaderSelect this box to filter on packets that contain a Next Header field that references the protocol indicated in the drop-down list to the right (this field is the IPv6 equivalent of the IPv4 field "Protocol").

Notes: The decimal value indicated to the right of the drop-down list is refreshed automatically after you make your selection. As an alternative, you can enter the value associated with the protocol instead of selecting it from the list.

Because the frame headers fields extraction depth is limited to the first 96 bytes of a frame, any fields of an IPv6 frame that are beyond the first 96 bytes will not be extracted. Therefore, they will not be found in the classification key used against an IPv6 filter."

Also, the following IPv6 Next Headers identifying Extension Headers will be skipped. Therefore, they will not be found in the classification key used against an IPv6 filter:

  • Fragment header (44)
  • Destination options (60)
  • Routing header (43)
  • Fragment header (44)
  • Authentication header (51)
  • Mobility Header (135)

UDP/TCP Port Settings

ParameterDescription
Source PortEnable this box to specify the UDP or TCP port number (or range of port numbers) to be used by the IPv6 destination port field.

This setting is valid only when the Next Header is set to TCP (6) or UDP (17).

Destination PortEnable this box to specify the UDP or TCP port number (or range of port numbers) to be used by the IPv6 destination port field.

This setting is valid only when the Next Header is set to TCP (6) or UDP (17).

ICMPv Settings

ParameterDescription
ICMPv6 TypeEnables the use of ICMPv6 type. You must specify the ICMPv6 message type to be matched by this filter.

Note: These settings are only valid when the "Next Header" parameter is set to ICMPv6 (58).

Some well-known ICMPv6 types are:

  • Echo Request (128)
  • Echo Reply (129)
  • Destination Unreachable (1)
  • Redirect (137)
  • Neighbor Solicitation (135)
  • Neighbor Advertisement (136)
Other ICMPv6 Codes: See www.iana.org/
ICMPv6 CodeEnables the use of the ICMPv6 code

Ethernet Header Settings

ParameterDescription
VLAN Stack SizeEnable this box, then make a selection in the drop-down list to indicate the number of VLAN tags that packets must have in order to match this filter.

VLAN and VLAN-in-VLAN Settings

ParameterDescription
EthertypeThe VLAN Ethernet Type may be one of the following:
  • C-VLAN: Customer VLAN (typically the inner tag).
  • S-VLAN: Service VLAN (typically the outer tag).
  • T-VLAN: Tunnel VLAN (either the inner or outer tag).
  • Any: Choose this option so filters will allow frames with C-VLAN, S-VLAN or T-VLAN tags through.
Note: Access the page System ►Configuration ►Mode to set the value for the S-VLAN Ethertype. For details, see "Configuring General System Settings".
CFI/DEIThe Canonical Format Indicator (CFI) or the Drop Eligibility Indicator (DEI). This value should always be set to zero for connections to Ethernet switches.

CFI is used to ensure compatibility between Ethernet type networks and Token Ring type networks. If a frame received at an Ethernet port has a CFI set to 1, the frame should not be forwarded as-is to an untagged port.

In the context of bandwidth regulation, DEI can be used to carry the frame color. When set to 0, the frame is green; when set to 1, the frame is yellow.

PriorityEnable this box to specify the priority.

VLAN priority allows provisioning CoS prioritization using the standard 802.1Q priority tag. Interpreting the priorities is based on the carrier's equipment and administrative policies. The valid operator types are:

  • Greater than
  • Less than
  • Equal to
  • Range (inclusive range)
The possible values for each operator are: 0 to 7.

Note: You can set only one VLAN (VLAN or VLAN-in- VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN).

VLAN IDThe VLAN ID used to filter traffic. The valid operator types are:
  • Greater than
  • Less than
  • Equal to
  • Range (inclusive range)
Note: You can set only one VLAN (VLAN or VLAN-in- VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN).

Traffic Class

ParameterDescription
DSCP/IP PrecedenceThe DSCP/IP precedence operator. The valid operator types are:
  • Greater than
  • Less than
  • Equal to
  • Range (inclusive range)

© 2024 Cisco and/or its affiliates. All rights reserved.
 
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms

For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence