Perle Systems IOLINK-520 manual Pattern Filter Operators, Bridge Pattern Filtering

Programmable Filtering

Pattern Filter Operators

The following operators are used to create pattern filters and are discussed further in the following pages. For additional information, refer to the octet location diagrams at the back of this manual. Each octet location may contain a HEX value.

-

offset

Used in pattern filters to set the position at which pattern checking starts.

Example: 12-80

This filter pattern will match if the packet information starting at the 12th octet equals the 80 of the filter pattern.

OR

Used in combination filters when one or the other of the conditions must be met.

Example: 10-2012-80

This filter pattern will match if the packet information starting at the 10th octet equals the 20 of the filter pattern or if the packet information starting at the 12th octet equals the 80 of the filter pattern.

&

AND

Used in combination filters when both conditions must be met.

Example: 10-20&12-80

This filter pattern will match if the packet information starting at the 10th octet equals the 20 of the filter pattern and the packet information starting at the 12th octet equals the 80 of the filter pattern.

~

NOT

Used in pattern filters to indicate that all packets not matching the defined pattern will be filtered.

Example: ~12-80

This filter pattern will match if the packet information starting at the 12th octet does not equal the 80 of the filter pattern.

( )

brackets

Used in pattern filters to separate portions of filter patterns for specific operators.

Example: 12-80&(14-2414-32)

This filter pattern will be checked in two operations. First the section in brackets will be checked, and then the result of that first check will be used in the second check, together with the first portion of the filter pattern. If the packet information starting at the 14th octet equals 24 or 32, and the information at the 12th octet equals 80, the filter pattern will match.
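The operators above combine into a small expression language. The following evaluator is an added example, not code from the manual or from Perle, and shows how such patterns resolve against frame octets. It assumes "|" as the OR symbol (the symbol does not appear in the text above), offsets counted from 0, and the precedence ~, then &, then |; the names tokenize, matches and FRAME_A to FRAME_C are hypothetical.

```python
import re

# One "offset-hexvalue" comparison or one operator; "|" for OR is an assumption.
TOKEN = re.compile(r"\s*(?:(\d+)-([0-9A-Fa-f]+)|([&|~()]))")

def tokenize(pattern):
    toks, pos, pattern = [], 0, pattern.strip()
    while pos < len(pattern):
        m = TOKEN.match(pattern, pos)
        if not m:
            raise ValueError(f"bad filter pattern at column {pos}")
        toks.append((int(m[1]), bytes.fromhex(m[2])) if m[1] else m[3])
        pos = m.end()
    return toks[::-1]  # reversed, so pop() hands out tokens in order

def matches(pattern, frame):
    """True if frame (bytes) matches. Assumed precedence: ~, then &, then |."""
    toks = tokenize(pattern)
    def factor():
        tok = toks.pop() if toks else None
        if tok == "~":
            return not factor()
        if tok == "(":
            val = chain()
            if not toks or toks.pop() != ")":
                raise ValueError("missing closing bracket")
            return val
        if not isinstance(tok, tuple):
            raise ValueError(f"unexpected {tok!r}")
        off, want = tok  # offsets counted from 0 (assumption)
        return frame[off:off + len(want)] == want  # short frame: no match

    def chain(ops="|&"):  # "|" binds loosest, "&" tighter
        if not ops:
            return factor()
        val = chain(ops[1:])
        while toks and toks[-1] == ops[0]:
            toks.pop()
            rhs = chain(ops[1:])  # always parse the right-hand side
            val = (val or rhs) if ops[0] == "|" else (val and rhs)
        return val
    result = chain()
    if toks:
        raise ValueError(f"unexpected {toks[-1]!r}")
    return result

# Constructed 16-octet frames (not real traffic); octets 10-15 carry the values.
FRAME_A = bytes.fromhex("00" * 10 + "200080002400")  # 10=20, 12=80, 14=24
FRAME_B = bytes.fromhex("00" * 10 + "000080009900")  # 12=80, 14=99
FRAME_C = bytes.fromhex("00" * 10 + "000000003200")  # 12=00, 14=32
```

Under the assumed precedence, 12-80&14-24|14-32 matches FRAME_C because the OR is applied last, while the bracketed form 12-80&(14-24|14-32) does not. A pattern with the OR symbol missing, such as 10-2012-80, is rejected as malformed.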

Bridge Pattern Filtering

Protocol Discrimination

Protocol discrimination may be required to prevent or limit the protocols that may traverse a bridged Local Area Network.

In Local Area Networks there may be many different Network and Transport layer protocols that coexist on the same physical media. TCP/IP, DECNET, and XNS are just a few of the common protocols in use today. Each of these protocols is encapsulated within an Ethernet frame, and therefore is transparent to the normal bridging function. If you would like to discriminate against a particular protocol to prevent its use of the bridged LAN facilities, the IOLINK router provides programmable filter masks that may be defined to act on any part of the Ethernet frame.

In the examples below, several protocol types and combinations are presented to demonstrate the use of programmable filter masks to control the protocol traffic between Local Area Network segments. Since there are many possible combinations, these examples are only representative of some of them.

IOLINK-PRO & 520 Reference Manual — B.7
