Perle Systems P840 manual Protocol Type Field, Internet Protocol IP, Filter all IP Packets

Page 48

Filtering

In Local Area Networks there may be many different Network and Transport layer protocols that coexist on the same physical media. TCP/IP, DECNET, and XNS are just a few of the common protocols in use today. Each of these protocols is encapsulated within an Ethernet frame, and therefore is transparent to the normal bridging function. If you would like to discriminate against a particular protocol to prevent its use of the bridged LAN facilities, the P840 router provides programmable filter masks that may be defined to act on any part of the Ethernet frame.

In the examples below, several protocol types and combinations are presented to demonstrate the use of programmable filter masks to control the protocol traffic between Local Area Network segments. Since there are many possible combinations, these examples are only representative of some of them.

The Bridge Filter Patterns menu is located under the FILTER SET-UP MENU. Within the Bridge Filter Patterns Menu there exists a Help function that can be used as a reference during Bridge Filter Pattern creation. This Help function includes all of the logical operators that may be applied to the mask expression.

Protocol Type Field

Within an Ethernet frame, a protocol field exists at octets 12 and 13. These two octets, or 8-bit bytes, represent the type of higher-level protocol carried in the Ethernet frame. There are more than 100 different protocol types defined for use within an Ethernet frame. In many networks fewer than 10 will be in use, but in larger networks there may be 30 or more. This, of course, depends on the type of equipment and the applications being used within the Local Area Network.

Internet Protocol (IP)

The Internet Protocol (IP) is the most widely used protocol within an Ethernet environment. As a result, there may be a need to restrict this protocol traffic in one form or another.

Filter all IP Packets

To prevent IP traffic from being passed across the bridged network, a mask must be created that represents this protocol type. The IP protocol type is 0800H.

Since the protocol field starts at octet location 12, the necessary filter mask to prevent IP traffic from traversing the bridged network is as follows:

12-0800

The 12 is the offset into the Ethernet frame, the “-” is the argument separator, and the 0800 represents the protocol type of IP.

In this example, whenever a frame with a protocol type equal to IP is seen on a LAN port for which this filter mask has been specified, the frame will be filtered.

Note that when you filter on IP frames, all frames using the IP protocol will also be filtered. This includes TCP, UDP, SNMP, etc.

IP, and no more

This example performs just the opposite function to the above example. Only IP packets will be allowed to be passed across the bridged network.

For this function there must be a method to filter all frames except IP packets. For this the NOT (“~”) logical operator is used. The NOT operator specifies that the expression has to be FALSE before the frame is filtered. In other words, only frames that are NOT equal to the expression will be filtered and discarded.

To create this mask, the following expression is entered:

~(12-0800)

The parentheses simply ensure that the NOT operator applies to the entire expression.
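The two masks above can be checked against sample frames before they are entered on the router. The following is an added example, not Perle code: it models only the `offset-hex` pattern and the `~( )` form as described on this page, and the names `parse_mask`, `is_filtered`, `eth_frame` and `verdicts`, as well as the sample frames, are constructed for illustration.

```python
import re

def parse_mask(expr):
    """Parse 'OFFSET-HEX' or '~(OFFSET-HEX)' into (negate, offset, pattern)."""
    expr = expr.strip()
    negate = expr.startswith("~")
    if negate:
        expr = expr[1:].strip()
    if expr.startswith("(") and expr.endswith(")"):
        expr = expr[1:-1].strip()
    m = re.fullmatch(r"(\d+)-((?:[0-9A-Fa-f]{2})+)", expr)
    if m is None:
        raise ValueError(f"unsupported mask: {expr!r}")
    return negate, int(m.group(1)), bytes.fromhex(m.group(2))

def is_filtered(expr, frame):
    """True if the frame is discarded: the pattern matches, or, with NOT, does not."""
    negate, offset, pattern = parse_mask(expr)
    matches = frame[offset:offset + len(pattern)] == pattern
    return matches != negate

def eth_frame(ethertype, tag=b""):
    """Constructed sample frame: broadcast dst, locally administered src, zero payload."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    return dst + src + tag + bytes.fromhex(ethertype) + bytes(46)

# Constructed samples; 6003 is DECnet Phase IV, 81000064 is an 802.1Q tag for VLAN 100.
SAMPLES = {
    "IP": eth_frame("0800"),
    "ARP": eth_frame("0806"),
    "DECnet": eth_frame("6003"),
    "IP in 802.1Q tag": eth_frame("0800", tag=bytes.fromhex("81000064")),
}

def verdicts(expr):
    """Map each sample frame name to True (filtered) or False (forwarded)."""
    return {name: is_filtered(expr, frame) for name, frame in SAMPLES.items()}

if __name__ == "__main__":
    for mask in ("12-0800", "~(12-0800)"):
        for name, dropped in verdicts(mask).items():
            print(f"{mask:<12} {name:<18} {'filtered' if dropped else 'forwarded'}")
```

As modelled, `~(12-0800)` also discards ARP (type 0806), which IP stations on a bridged LAN rely on for address resolution. An 802.1Q-tagged IP frame is not recognised by either mask as IP, because octets 12 and 13 then hold 8100.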


P840 specifications

Perle Systems is renowned for its high-performance networking hardware, and the Perle P840 model exemplifies this reputation with its advanced features and technologies. Designed for small to medium-sized enterprises, the P840 serves as a versatile and reliable solution for connectivity needs.

One of the main features of the Perle P840 is its robust network performance, supporting both Ethernet and serial connectivity. With support for RS-232, RS-422, and RS-485 interfaces, the P840 enables seamless integration of legacy devices into modern network architectures, allowing businesses to leverage existing infrastructure without the need for extensive upgrades.

The P840 also boasts advanced security features to protect sensitive data during transmission. It supports SSL encryption and VPN capabilities, ensuring that data travels securely across the network. Additionally, it implements strong authentication protocols, providing organizations with peace of mind knowing that their communications are safeguarded against potential threats.

Another standout characteristic of the P840 is its flexibility in configuration. It offers multiple port configurations, allowing for customization based on specific user needs. With options for both managed and unmanaged modes, the device can easily adapt to various network environments. This flexibility makes it suitable for diverse applications, including industrial automation, process control, and telecommunications.

The Perle P840 is designed for durability and reliability, featuring a rugged enclosure that can withstand demanding environments. Its solid-state components reduce the risk of failure, contributing to increased uptime and lower maintenance costs. Furthermore, the compact design allows for easy installation in tight spaces, making it a practical choice for various deployment scenarios.

In terms of management and monitoring, the P840 includes an intuitive web-based interface, enabling administrators to configure settings and monitor network performance effortlessly. SNMP support further enhances management capabilities, allowing for integration into larger network management systems.

Overall, the Perle P840 stands out as a powerful solution for enterprises seeking seamless connectivity, robust security, and flexibility in configuration. Its combination of advanced features and durable design makes it an ideal choice for industries requiring reliable serial and network connectivity in challenging environments. With the P840, businesses can build a resilient networking infrastructure that supports their growing demands while safeguarding their critical data.