Perle Systems IOLINK-520 manual Protocol Type Field, Internet Protocol IP, Filter all IP Packets

Page 71

Programmable Filtering

The Bridge Filter Patterns menu is located under the FILTER SET-UP MENU. Within the Bridge Filter Patterns Menu there exists a Help function that can be used as a reference during Bridge Filter Pattern creation. This Help function includes all of the logical operators that may be applied to the mask expression.

Protocol Type Field

Within an Ethernet frame, a protocol field exists at octet 12 and 13. These two octets, or 8-bit bytes, will represent the type of higher level protocol that exists in the Ethernet frame. There are more than 100 different protocol types that are defined for use within an Ethernet frame. In many networks there will be fewer than 10 that are in use, but in many larger networks there may be upwards of 30 or more. This, of course, will depend on the type of equipment and the applications that are being used within the Local Area Network.

Internet Protocol (IP)

The Internet Protocol (IP) is the most widely used protocol within an Ethernet environment. As a result there may be a need to restrict in one form or another this protocol traffic.

Filter all IP Packets

To prevent IP traffic from being passed across the bridged network, a mask must be created that represents this protocol type. The IP protocol type is 0800H.

Since the protocol field starts at octet location 12, the necessary filter mask to prevent IP traffic from traversing the bridged network is as follows: 12-0800

The 12 is the offset into the Ethernet frame, the “-” is the argument separator, and the 0800 represents the protocol type of IP.

In this example, whenever a frame is seen on the LAN port, for which this filter mask has been specified, with a protocol of type equal to IP, the frame will be filtered.

Note that when you filter on IP frames, all frames using the IP protocol will also be filtered. This includes TCP, UDP, SNMP, etc.

IP, and no more

This example performs just the opposite function to the above example. Only IP packets will be allowed to be passed across the bridged network.

For this function there must be a method to prevent all but IP packets from being filtered. For this the NOT (“~”) logical operator is used. The NOT operator specifies that the expression has to be FALSE before the frame is filtered. In other words, only frames that are NOT equal to the expression will be filtered and discarded.

To create this mask, the following expression is entered: ~(12-0800)

The parenthesis simply ensures that the NOT operator will apply to the entire expression.

In this case, whenever a frame is received, the frame will be filtered if the protocol type is NOT equal to 0800 (IP).

Only one filter pattern may be used that contains the NOT operator.

B.8 IOLINK-PRO & 520 Reference Manual

Page 70 Page 72
Image 71
Page 70 Page 72
Contents Reference Manual IP Routing and the IOLINK-PRO & 520 Routers IOLINK-PRO & 520 RoutersComplete IP Connection ARP-Address Resolution ProtocolProxy ARP IOLINK-PRO & 520 Reference Manua Header Checksum IP Header DetailsProtocol Time to liveRedirect Icmp MessagesOptions UnreachableTime and Mask server PingRoute Tables Update MechanismRIP-Routing Information Protocol IPX Address Format IPX Routing and The IOLINK-PRO & 520 RoutersIPX Addressing Network Layer Addressing vs. MAC AddressingIPX Header Other IPX Header InformationSAP Broadcasts Service Advertisement ProtocolEstablishing an IPX Connection RIP/X Operation Server TypesRouting Information Protocol SAP RequestsRIP/X Metrics Bridging and the IOLINK-PRO & 520 RoutersRIP/X Requests Station Address Learning Initial Bridging ProcessAddress Purging Aging TimerAging Exception Filled Address TableLink Compression Iolink Router Feature DefinitionsTelnet Introduction Multipoint WAN TopologiesBandwidth On Demand Point-to-PointTime of Day Connect Application Isdn Single Active Link & Dual Active Link Disaster Recovery Backup LinkOperating Software Upgrades Call Establishment Methods Iolink PRO & 520 Isdn Connection ManagementWide Area Network Topologies Supported Auto-Call Time-of-Day Connections Isdn Connection ManagementManual Call Address ConnectCombination Connection ProcessInteresting Traffic Idle TimerProtocol Awareness Suspension ProcessTermination Process Session Keepalive MessagesRIP-Routing Information Protocol IP SpecificsIP Address Connect Suspension of TCP/IP SessionsIPX Serialization Frames IPX SpecificsRIP/IPX and SAP/IPX Suspension of IPX SessionsLink Clocking Information Pinout InformationModule Identification Link Interfaces Reference ATL CSU/DSU Link Module InformationConsole Pinouts T1/E1 Module CSU/DSU ModuleRS232 Link Pinouts 24 & RS232C Link PinoutsDB15 Female DTE Direction Contact Circuits From Number 11 & X.21 Link PinoutsDB25 Female DTE Direction Contact Circuit From Number Name RS442 & RS530 Link PinoutsNumber Name Link PinoutsDB25 11 RS232 Null-Modem Cable RS232 Null-Modem Cable Configuration12 V.35 Null-Modem Cable Null-Modem Cable Configuration13 RS530 Null-Modem Cable RS530 Null-Modem Cable Configuration14 RS530 to RS449 Conversion Cable RS530 To RS449 Conversion Cable15 V.11/X.21 Null-Modem Cable 11/X.21 Null-Modem Cable ConfigurationWAN Link Control-Signal Operation Event logs Appendix a Event LogsEvent Logs IOLINK-PRO & 520 Reference Manual A.3 Event Logs IOLINK-PRO & 520 Reference Manual A.5 Event Logs IOLINK-PRO & 520 Reference Manual A.7 Event Logs Alarm Logs Event Logs IOLINK-PRO & 520 Reference Manual A.11 Event Logs IOLINK-PRO & 520 Reference Manual A.13 Event Logs IOLINK-PRO & 520 Reference Manual A.15 Event Logs IOLINK-PRO & 520 Reference Manual A.17 Event Logs IOLINK-PRO & 520 Reference Manual A.19 PPP Security Logs Security MAC Address FilteringSecurity-Filter if Destination Programmable FilteringSecurity-Filter if Source Security-Forward if Destination Security-Forward if Source Programmable Filtering Protocol Discrimination Pattern Filter OperatorsBridge Pattern Filtering IP, and no more Protocol Type FieldInternet Protocol IP Filter all IP PacketsFilter all except TCP/IP Transport Control Protocol / Internet Protocol TCP/IPFilter only TCP/IP Filter all IP without TCP trafficEthernet Multicasting Bandwidth ConservationFilter all DEC Ethernet BroadcastingEthernet Station Addresses General RestrictionsInternet Addresses Mask would be 6-010203040506&12-0800&23-06 Example Mask CombinationsIPX Router Pattern Filtering IP Router Pattern FilteringPage Appendix C Frame Formats Octet Locations on an IP Routed TCP/IP Frame IOLINK-PRO & 520 Reference Manual C.3
Top Page Image Contents