.svg?sv=2022-11-02&spr=https&st=2024-11-22T04%3A52%3A51Z&se=2024-11-22T05%3A02%3A51Z&sr=c&sp=r&sig=tOvMyTtPHIZo9t7Jo4%2Fw%2FL7kR61Za7C6vMtO6htGbqc%3D){kind=logo}
Defining Filters
- 23 Jan 2024
- 16 Minutes to read
- Contributors
- Print
- PDF
Defining Filters
- Updated on 23 Jan 2024
- 16 Minutes to read
- Contributors
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
You can set up a specific filter (Layer-2, IPv4 or IPv6) for use with loopbacks or flows. By using such a filter, you can loop back traffic or set up a flow based on specific characteristics such as
Ethernet Header settings, VLAN settings and DSCP for Layer-2 filters, or based on IPv4 or IPv6 Header settings, settings and VLAN settings. You can also use the preconfigured Layer-2, IPv4 or IPv6 filters.
Note: The maximum number of flows using a specific filter (Layer-2, IPv4 or IPv6) is limited by the type of unit you use. Refer to your unit’s datasheet for the maximum number of traffic policiesflows.
Configuring a Layer-2 Filter
To set up a Layer-2 filter
Access the page Traffic ▶Filters ▶L2 Filters.
A summary of all Layer-2 filters that are currently set up is displayed. For more information on specific parameters, refer to the table at the end of this procedure.
The total number of filters found in the system is given in the lower-left corner of the page, as well as the index values of the items currently displayed on-screen (for example, [1–25] of 54). Use the page navigation links in the lower-right corner of the page to move between the pages of results.
Note: Commonly-used filters have been predefined for your convenience.Click Add to add a new filter or click the Filter Name of an existing Layer-2 filter to edit its settings.
Note: When you edit an existing Layer-2 filter, the changes that you make are not applied to loopbacks in use when you click Add. If you want those loopbacks to use the modified Layer-2 filter, you need to disable the loopback and re-enable it (See Setting Up and Enabling Loopbacks on page 372). For traffic policies, the changes you make are applied immediately when you click Add.Check the appropriate check box to enable this field, complete the required fields, then click Add.
Notes:
When making changes to any parameter of an in-use filter (filter associated to an active policy or an active OAM loopback), the following message will be displayed "Configuration changes are service affecting. Are you sure you want to proceed?". Click OK to proceed with your changes or Cancel to go back to the previous screen.
For all fields, check the box to enable the field. If the check box is not selected, the value will be ignored. You can specify several VLAN fields for the first VLAN (VLAN 1) as well as for the second level VLAN (VLAN in VLAN).
For more information on specific parameters, refer to the following tables.
Layer-2 Filters (Traffic ▶Filters ▶L2 Filters)
| Parameter | Description |
|---|---|
| L2 Filter Name/Filter Name | A unique name to identify the filter |
Ethernet Header Settings
| Parameter | Description |
|---|---|
| MAC Destination/Mask | The destination MAC address and mask. Only the bits specified by the mask are used; the other bits are ignored. Address Format: Six pairs of hexadecimal digits, separated by colons (xx:xx:xx:xx:xx:xx). |
| MAC Source/Mask | The source MAC address and mask. Only the bits specified by the mask are used; the other bits are ignored. Address Format: Six pairs of hexadecimal digits, separated by colons (xx:xx:xx:xx:xx:xx). |
| Encapsulated Ethertype | Protocol may be selected or entered manually (hexadecimal):
|
| VLAN Stack Size | Enable this box, then make a selection in the drop-down list to indicate the number of VLAN tags that packets must have in order to match this filter. |
VLAN and VLAN-in-VLAN Settings
| Parameter | Description |
|---|---|
| Ethertype | The VLAN Ethernet Type may be one of the following:
|
| CFI/DEI | The Canonical Format Indicator (CFI) or the Drop Eligibility Indicator (DEI). This value should always be set to zero for connections to Ethernet switches. CFI is used to ensure compatibility between Ethernet type networks and Token Ring type networks. If a frame received at an Ethernet port has a CFI set to 1, the frame should not be forwarded as-is to an untagged port. In the context of bandwidth regulation, DEI can be used to carry the frame color. When set to 0, the frame is green; when set to 1, the frame is yellow. |
| Priority | VLAN priority allows provisioning CoS prioritization using the standard 802.1Q priority tag. Interpreting the priorities is based on the carrier's equipment and administrative policies. The valid operator types are:
Note: You can set only one VLAN (VLAN or VLAN-in-VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN). |
| VLAN ID | The VLAN ID used to filter traffic. The valid operator types are:
|
DSCP/IP Precedence
| Parameter | Description |
|---|---|
| DSCP/IP Precedence | The DSCP/IP precedence operator. The valid operator types are:
|
Configuring an IPv4 Filter
To set up an IPv4 filter
Access the page Traffic ▶Filters ▶IPv4 Filters.
A summary of all IPv4 filters that have been set up is displayed. For more information on specific parameters, refer to the table at the end of this procedure. The total number of filters found in the system is given in the lower-left corner of the page, as well as the index values of the items currently displayed on-screen (for example, [1-25] of 54). Use the page navigation links in the lower-right corner of the page to move between the pages of results.
Note: Commonly-used filters have been predefined for your convenience.Click the Add button to add a new filter or click the Filter Name of an existing IPv4 filter to edit its settings.
Note: When you edit an existing IPv4 filter, the changes that you make are not applied to loopbacks in use when you click Add. If you want those loopbacks to use the modified IPv4 filter, you need to disable the loopback and re-enable it (See Setting Up and Enabling Loopbacks on page 372). For traffic policies, the changes you make are applied immediately when you click Add.Check the appropriate check box to enable this field, complete the required fields, then click Add.
Notes: When making changes to any parameter of an in-use filter (filter associated to an active policy or an active OAM loopback), the following message will be displayed "Configuration changes are service affecting. Are you sure you want to proceed?". Click OK to proceed with your changes or Cancel to go back to the previous screen. For all fields, check the box to enable the field. If the check box is not selected, the value will be ignored.
You can specify several VLAN fields for the first VLAN (VLAN 1), as well as for the second-level VLAN (VLAN in VLAN).
For more information on specific parameters, refer to the following tables.
IPv4 Filters (Traffic ▶Filters ▶IPv4 Filters)
| Parameter | Description |
|---|---|
| IPv4 Filter Name Filter Name | A unique name used to identify the filter. |
| Parameter | Description |
|---|---|
| IPv4 Source/Mask IP Source | The source address and mask. Only the bits specified by the mask are used; the other bits are ignored. Note: Filtering source or destination IP addresses that are assigned by Dynamic Host Control Protocol (DHCP) can be problematic. It is recommended to only specify static or reserved IP addresses in a filter, otherwise the filter must be updated manually whenever the addresses change. |
| IPv4 Destination/Mask IP Destination | The destination address and mask. Only the bits specified by the mask are used. The other bits are ignored. Note: Filtering source or destination IP addresses that are assigned by Dynamic Host Control Protocol (DHCP) can be problematic. It is recommended that you only specify static or reserved IP addresses in a filter. Otherwise the filter must be updated manually whenever the addresses change. |
| TTL | The time-to-live value. |
| ECN | Explicit Congestion Notification. Specify either 0 or 3. |
| Header Length | The header length, expressed in 32-bit words. Specify a value in the range of 5–15. |
| Protocol | Either select a protocol from the drop-down list or enter a port number (decimal value) manually. Common protocols:
|
UDP/TCP Port Settings
| Parameter | Description |
|---|---|
| Source Port | Enable this box to specify the UDP or TCP port number (or range of port numbers) to be used by the IPv4 source port field. This setting is valid only when the Protocol is set to TCP (6) or UDP (17). |
| Destination Port | Enable this box to specify the UDP or TCP port number (or range of port numbers) to be used by the IPv4 destination port field. This setting is valid only when the Protocol is set to TCP (6) or UDP (17). |
ICMP Settings
| Parameter | Description |
|---|---|
| ICMP Type | Enables the use of ICMP. You must specify the ICMP message type to be matched by this filter. Note: These settings are only valid when the Protocol parameter is set to ICMP (1). Some well-known ICMP types are:
|
| ICMP Code | Enables the use of the ICMP code |
Ethernet Header Settings
| Parameter | Description |
|---|---|
| VLAN Stack Size | Enable this box, then make a selection from the drop-down list to indicate the number of VLAN tags that packets must have in order to match this filter. |
VLAN and VLAN-in-VLAN Settings
| Parameter | Description |
|---|---|
| Ethertype | The VLAN Ethernet Type may be one of the following:
|
| CFI/DEI | The Canonical Format Indicator (CFI) or the Drop Eligibility Indicator (DEI). This value should always be set to zero for connections to Ethernet switches. CFI is used to ensure compatibility between Ethernet type networks and Token Ring type networks. If a frame received at an Ethernet port has a CFI set to 1, the frame should not be forwarded as-is to an untagged port. In the context of bandwidth regulation, DEI can be used to carry the frame color. When set to 0, the frame is green; when set to 1, the frame is yellow. |
| Priority | VLAN priority allows provisioning CoS prioritization using the standard 802.1Q priority tag. Interpreting the priorities is based on the carrier's equipment and administrative policies. The valid operator types are:
Note: You can set only one VLAN (VLAN or VLAN-in-VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN). |
| VLAN ID | The VLAN ID used to filter traffic. The valid operator types are:
|
DSCP/IP Precedence
| Parameter | Description |
|---|---|
| DSCP/IP Precedence | The DSCP/IP precedence operator. The valid operator types are:
|
Configuring an IPv6 Filter
To set up an IPv6 filter
Access the page Traffic ▶Filters ▶IPv6 Filters.
A summary of all IPv6 filters that have been set up is displayed. For more information on specific parameters, refer to the table at the end of this procedure. The total number of filters found in the system is given in the lower-left corner of the page, as well as the index values of the items currently displayed on-screen (for example, [1–25] of 54). Use the page navigation links in the lower-right corner of the page to move between the pages of results.
Note: Commonly-used filters have been predefined for your convenience.Click the Add button to add a new filter or click the Filter Name of an existing IPv6 filter to edit its settings.
Note: When you edit an existing IPv6 filter, the changes that you make are not applied to loopbacks in use when you click Add. If you want those loopbacks to use the modified IPv6 filter, you need to disable the loopback and re-enable it ("Setting Up and Enabling Loopbacks"). For traffic policies, the changes you make are applied immediately when you click Add.Check the appropriate check box to enable this field, complete the required fields, then click Add.
Notes: When making changes to any parameter of an in-use filter (filter associated to an active policy or an active OAM loopback), the following message will be displayed "Configuration changes are service affecting. Are you sure you want to proceed?". Click OK to proceed with your changes or Cancel to go back to the previous screen.
For all fields, check the box to enable the field. If the check box is not selected, the value will be ignored.
You can specify several VLAN fields for the first VLAN (VLAN 1), as well as for the second-level VLAN (VLAN in VLAN).
For more information on specific parameters, refer to the following tables.
IPv6 Filters (Traffic ▶Filters ▶IPv6 Filters)
| Parameter | Description |
|---|---|
| IPv6 Filter Name Filter Name | A unique name used to identify the filter. |
IPv6 Header Settings
| Parameter | Description |
|---|---|
| IPv6 Source/Prefix IPv6 Source | The source address and prefix. Only the bits specified by the prefix are used; the other bits are ignored. Note: Filtering source or destination IP addresses that are assigned by Dynamic Host Control Protocol version 6 (DHCPv6) can be problematic. It is recommended to only specify static or reserved IP addresses in a filter, otherwise the filter must be updated manually whenever the addresses change. |
| IPv6 Destination/Prefix IPv6 Destination | The destination address and prefix. Only the bits specified by the prefix are used; the other bits are ignored. Note: Filtering source or destination IP addresses that are assigned by Dynamic Host Control Protocol version 6 (DHCPv6) can be problematic. It is recommended to only specify static or reserved IP addresses in a filter, otherwise the filter must be updated manually whenever the addresses change. |
| Hop Limit | The current value of the hop limit Valid values range from 0–255. Note: This field is the IPv6 equivalent of the IPv4 field "Time to Live" (TTL)". |
| Next Header | Select this box to filter on packets that contain a Next Header field that references the protocol indicated in the drop-down list to the right (this field is the IPv6 equivalent of the IPv4 field "Protocol"). Notes: The decimal value indicated to the right of the drop-down list is refreshed automatically after you make your selection. As an alternative, you can enter the value associated with the protocol instead of selecting it from the list. Because the frame headers fields extraction depth is limited to the first 96 bytes of a frame, any fields of an IPv6 frame that are beyond the first 96 bytes will not be extracted. Therefore, they will not be found in the classification key used against an IPv6 filter." Also, the following IPv6 Next Headers identifying Extension Headers will be skipped. Therefore, they will not be found in the classification key used against an IPv6 filter:
|
UDP/TCP Port Settings
| Parameter | Description |
|---|---|
| Source Port | Enable this box to specify the UDP or TCP port number (or range of port numbers) to be used by the IPv6 destination port field. This setting is valid only when the Next Header is set to TCP (6) or UDP (17). |
| Destination Port | Enable this box to specify the UDP or TCP port number (or range of port numbers) to be used by the IPv6 destination port field. This setting is valid only when the Next Header is set to TCP (6) or UDP (17). |
ICMPv Settings
| Parameter | Description |
|---|---|
| ICMPv6 Type | Enables the use of ICMPv6 type. You must specify the ICMPv6 message type to be matched by this filter. Note: These settings are only valid when the "Next Header" parameter is set to ICMPv6 (58). Some well-known ICMPv6 types are:
|
| ICMPv6 Code | Enables the use of the ICMPv6 code |
Ethernet Header Settings
| Parameter | Description |
|---|---|
| VLAN Stack Size | Enable this box, then make a selection in the drop-down list to indicate the number of VLAN tags that packets must have in order to match this filter. |
VLAN and VLAN-in-VLAN Settings
| Parameter | Description |
|---|---|
| Ethertype | The VLAN Ethernet Type may be one of the following:
|
| CFI/DEI | The Canonical Format Indicator (CFI) or the Drop Eligibility Indicator (DEI). This value should always be set to zero for connections to Ethernet switches. CFI is used to ensure compatibility between Ethernet type networks and Token Ring type networks. If a frame received at an Ethernet port has a CFI set to 1, the frame should not be forwarded as-is to an untagged port. In the context of bandwidth regulation, DEI can be used to carry the frame color. When set to 0, the frame is green; when set to 1, the frame is yellow. |
| Priority | Enable this box to specify the priority. VLAN priority allows provisioning CoS prioritization using the standard 802.1Q priority tag. Interpreting the priorities is based on the carrier's equipment and administrative policies. The valid operator types are:
Note: You can set only one VLAN (VLAN or VLAN-in- VLAN) to a range; the other must be set to Equal to. For instance, if you select a range for the second VLAN (VLAN-in-VLAN), you must select Equal to for the first VLAN (VLAN). |
| VLAN ID | The VLAN ID used to filter traffic. The valid operator types are:
|
Traffic Class
| Parameter | Description |
|---|---|
| DSCP/IP Precedence | The DSCP/IP precedence operator. The valid operator types are:
|
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks
Was this article helpful?