Allied-Telesis AT-iMG624A Router Manual PDF (Setup & Configuration Guide)

Page 756 / 998 Scroll up to view Page 751 - 755

L2Filter

Overview

iMG/RG Software Reference Manual (Quality of Service)

7-60

7.2

L2Filter

7.2.1

Overview

The purpose of the L2 Filter module is to provide a mechanism by which inbound traffic can be classified and

acted upon based on its contents.

The module is configured by defining a set of profiles which themselves con-

tain a set of rules.

Each rule defines a packet classification and the appropriate action to take in the event of a

match.

The actions vary from basic operations, such as DROP, to more complex actions such as packet rewrit-

ing.

This mechanism provides a powerful and flexible framework for filtering of traffic in the system.

7.2.1.1 Packet Flow

In order to properly utilize the L2 Filter system, it is important to understand where this module falls in the

general flow of a packet through the system.

The important item to note in the above diagram is that packets are only run through the L2 Filter module in

the event they leave the layer 2 switch bound for the bridge.

This occurs when the CPU requires access to the

packet in order to read it, alter it or route it to another device in the system.

Some examples of these scenar-

ios are the following:

NAT, VLAN translation, usage of the ADSL module, etc.

7.2.1.1.1 Profiles

The profile is the high level container of the L2 Filter system.

The user creates a profile, assigns a series of

rules to that profile and then attaches it to the bridge transport.

Once the L2 Filter system is activated the

packet flow, in the system, is run through the profiles and the appropriate rules are applied.

Multiple profiles

can be configured however only two can be applied to the bridge at any given time.

You can assign one profile

to each direction of packet flow from the bridge (Rx and Tx).

LAN 1

LAN 3

Switch

Bridge

(CPU)

LAN 2

L2 Filter

Page 757 / 998

L2Filter Command Reference

L2Filter

7-61

iMG/RG Software Reference Manual (Quality of Service)

7.2.1.1.2 Rules

The rule is the workhorse of the L2 Filter system.

A user defines a set of rules which contain one packet clas-

sifier and its associated action.

The packet classifier is an offset / value pair that the filter uses to identify packets

on which to apply a rule.

Several of the basic classifier fields have been pre-defined for use however the user has

the ability to define their own.

7.2.1.1.3 Example

The following is an example of how the L2 Filter module can be used to filter incoming and outgoing DHCP

requests for VLAN 402 on the bridge.

Example

l2filter add fieldType udpDstPort base udp_header offset 2 mask 0xffff

l2filter add fieldType ipProtocol base ip_header offset 9 mask 0xff

l2filter add profile bridge_rx

l2filter add profile bridge_tx

l2filter add rule Vlan402DhcpServerRx

l2filter rule Vlan402DhcpServerRx add action drop

l2filter rule Vlan402DhcpServerRx add field udpDstPort EQ 67

l2filter rule Vlan402DhcpServerRx add field packetvid EQ 402

l2filter add rule Vlan402DhcpServerTx

l2filter rule Vlan402DhcpServerTx add action drop

l2filter rule Vlan402DhcpServerTx add field udpDstPort EQ 67

l2filter rule Vlan402DhcpServerTx add field packetvid EQ 402

l2filter profile bridge_rx attach rule Vlan402DhcpServerRx

l2filter profile bridge_tx attach rule Vlan402DhcpServerTx

transport attach default l2filter profile bridge_rx Rx

transport attach default l2filter profile bridge_tx Tx

transport set default l2filter state enabled

7.2.2

L2Filter Command Reference

7.2.2.1 L2 Filter CLI commands

The table below lists the

l2filter

commands provided by the CLI:

TABLE 7-4

L2filter commands

Commands

Fiber

A

Fiber

B

Fiber

C

Fiber

D

Fiber

E

Modul

ar

ADSL

A

ADSL

B

ADSL

C

L2FILTER ADD FIELDTYPE

X

Page 758 / 998

L2Filter

L2Filter Command Reference

iMG/RG Software Reference Manual (Quality of Service)

7-62

L2FILTER ADD PROFILE

X

L2FILTER ADD RULE

X

L2FILTER CLEAR FIELDTYPES

X

L2FILTER CLEAR PROFILES

X

L2FILTER CLEAR RULES

X

L2FILTER DELETE FIELDTYPE

X

L2FILTER DELETE RULE

X

L2FILTER DELETE PROFILE

X

L2FILTER LIST FIELDTYPES

X

L2FILTER LIST PROFILES

X

L2FILTER LIST RULES

X

L2FILTER SHOW PROFILE

X

L2FILTER SHOW RULE

X

L2FILTER SHOW FIELDTYPE

X

L2FILTER PROFILE ATTACH RULE

X

L2FILTER PROFILE DETACH RULE

X

L2FILTER RULE ADD ACTION

X

L2FILTER RULE ADD FIELD

X

L2FILTER RULE LIST ACTIONS

X

L2FILTER RULE LIST FIELDS

X

L2FILTER RULE DELETE ACTION

X

L2FILTER RULE DELETE FIELD

X

L2FILTER SET RULE ENABLE

X

L2FILTER SET RULE DISABLE

X

TABLE 7-4

L2filter commands

Commands

Fiber

A

Fiber

B

Fiber

C

Fiber

D

Fiber

E

Modul

ar

ADSL

A

ADSL

B

ADSL

C

Page 759 / 998

L2Filter Command Reference

L2Filter

7-63

iMG/RG Software Reference Manual (Quality of Service)

7.2.2.1.1 L2FILTER ADD FIELDTYPE

Syntax

L2FILTER ADD FIELDTYPE <name> BASE <base_value> OFFSET

<offset_value> MASK <mask_value>

Description

This command allows the user to create their own filter field types.

Options

The following table gives the range of values for each option that can be specified with

this command and a default value (if applicable).

Example

--> l2filter add fieldType test_field base ethernet_header offset 10 mask 0xf

See also

L2FILTER SHOW FIELDTYPE

7.2.2.1.2 L2FILTER ADD PROFILE

Syntax

L2FILTER ADD PROFILE <name>

Description

This command adds a profile to the L2 filter module.

Options

The following table gives the range of values for each option that can be specified with

this command and a default value (if applicable).

Example

--> l2filter add profile InboundTraffic

See also

L2FILTER SHOW PROFILE

7.2.2.1.3 L2FILTER ADD RULE

Syntax

L2FILTER ADD RULE <name> STAGE <stage> ORDER <order>

Description

This command adds a rule to the module that can be attached to a profile.

Option

Description

Default Value

name

The name of the new field type

n/a

base_value

The location in the packet to offset from

n/a

offset_value

The offset distance from the base to compare

n/a

mask_value

The mask to apply at the offset

n/a

Option

Description

Default Value

name

The name of the rule

n/a

Page 760 / 998

L2Filter

L2Filter Command Reference

iMG/RG Software Reference Manual (Quality of Service)

7-64

Options

The following table gives the range of values for each option that can be specified with

this command and a default value (if applicable).

Example

--> l2filter add rule TestRule stage 1 order 2

See also

L2FILTER SHOW RULE

7.2.2.1.4 L2FILTER CLEAR FIELDTYPES

Syntax

L2FILTER CLEAR FIELDTYPES

Description

This command will clear all the available field types from the system.

Example

--> l2filter clear fieldtypes

See also

L2FILTER LIST FIELDTYPES

7.2.2.1.5 L2FILTER CLEAR PROFILES

Syntax

L2FILTER CLEAR PROFILES

Description

This command will clear all the available profiles from the system.

Example

--> l2filter clear profiles

See also

L2FILTER LIST PROFILES

7.2.2.1.6 L2FILTER CLEAR RULES

Syntax

L2FILTER CLEAR RULES

Description

This command will clear the available rules from the system.

Example

--> l2filter clear rules

See also

L2FILTER LIST RULES

7.2.2.1.7 L2FILTER DELETE FIELDTYPE

Syntax

L2FILTER DELETE FIELDTYPE <name>

Option

Description

Default Value

name

The name of the rule

n/a

stage

The stage of processing in which this rule will be applied

1

order

The order in the stage when this rule will be applied

1

Rate

Popular Allied-Telesis Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share