Perle Systems IOLINK-520 Transport Control Protocol / Internet Protocol TCP/IP, Filter all LAT

Page 72

Programmable Filtering

Transport Control Protocol / Internet Protocol (TCP/IP)

The previous example showed how to filter all Ethernet frames that contained an IP protocol packet. However, IP is used as the Network-layer protocol for more than 40 different Transport-layer protocols, TCP being only one of them. Therefore, with the mask that was used as noted in the previous IP example, all Transport layer protocols that used IP would also be filtered. This may not be desirable in all cases.

For this example, the discrimination of the Transport Layer used within an IP packet will be demonstrated. This requires an AND function, since we want to filter data that both is IP and contains TCP information.

Within the IP frame, there is a single octet field that may be used to indicate the protocol of the Transport layer, or the protocol of the data in the IP packet. If TCP were the protocol within the IP packet, this octet, or 8-bit byte, would be equal to 6.

The location of this field, remembering that the start of the Ethernet frame is always the base reference, is octet 23.

Filter only TCP/IP

To filter only those packets that are TCP/IP, the mask would therefore be: 12-0800&23-06

The 12-0800 is the IP expression and the 23-06 will represent TCP in an IP frame. The “&” is the logical AND operator, so the expression requires that the frame be both an IP and TCP.

Filter all IP without TCP traffic

To filter all IP packets that do not contain TCP traffic, the mask would be: 12-0800&~(23-06)

Filter all except TCP/IP

To filter all other packets except TCP/IP packets, the mask would be: ~(12-0800&23-06)

Local Area Transport (LAT)

The Local Area Transport (LAT) protocol is used exclusively by DEC for terminal access between DEC hosts and terminal servers located on an Ethernet network.

This example is similar to the Internet Protocol example described previously.

The protocol type field value that is used for LAT frames is equal to 6004.

Filter all LAT

Therefore, to filter all LAT frames, the filter mask would be: 12-6004

Filter all but LAT

To filter all frames but LAT frames, the filter mask would be: ~(12-6004)

IOLINK-PRO & 520 Reference Manual — B.9

Image 72

Contents Reference Manual IOLINK-PRO & 520 Routers IP Routing and the IOLINK-PRO & 520 RoutersARP-Address Resolution Protocol Proxy ARPComplete IP Connection IOLINK-PRO & 520 Reference Manua IP Header Details ProtocolTime to live Header ChecksumIcmp Messages OptionsUnreachable RedirectPing Time and Mask serverUpdate Mechanism RIP-Routing Information ProtocolRoute Tables IPX Routing and The IOLINK-PRO & 520 Routers IPX AddressingNetwork Layer Addressing vs. MAC Addressing IPX Address FormatOther IPX Header Information IPX HeaderService Advertisement Protocol Establishing an IPX ConnectionSAP Broadcasts Server Types Routing Information ProtocolSAP Requests RIP/X OperationBridging and the IOLINK-PRO & 520 Routers RIP/X RequestsRIP/X Metrics Initial Bridging Process Station Address LearningAging Timer Address PurgingFilled Address Table Aging ExceptionIolink Router Feature Definitions TelnetLink Compression Introduction WAN Topologies Bandwidth On DemandPoint-to-Point MultipointTime of Day Connect Application Disaster Recovery Backup Link Operating Software UpgradesIsdn Single Active Link & Dual Active Link Iolink PRO & 520 Isdn Connection Management Wide Area Network Topologies SupportedCall Establishment Methods Isdn Connection Management Auto-Call Time-of-Day ConnectionsAddress Connect Manual CallConnection Process CombinationIdle Timer Protocol AwarenessSuspension Process Interesting TrafficSession Keepalive Messages Termination ProcessIP Specifics IP Address ConnectSuspension of TCP/IP Sessions RIP-Routing Information ProtocolIPX Specifics RIP/IPX and SAP/IPXSuspension of IPX Sessions IPX Serialization FramesPinout Information Module IdentificationLink Clocking Information ATL CSU/DSU Link Module Information Link Interfaces ReferenceConsole Pinouts CSU/DSU Module T1/E1 Module24 & RS232C Link Pinouts RS232 Link Pinouts11 & X.21 Link Pinouts DB15 Female DTE Direction Contact Circuits From NumberRS442 & RS530 Link Pinouts DB25 Female DTE Direction Contact Circuit From Number NameLink Pinouts DB25Number Name RS232 Null-Modem Cable Configuration 11 RS232 Null-Modem CableNull-Modem Cable Configuration 12 V.35 Null-Modem CableRS530 Null-Modem Cable Configuration 13 RS530 Null-Modem CableRS530 To RS449 Conversion Cable 14 RS530 to RS449 Conversion Cable11/X.21 Null-Modem Cable Configuration 15 V.11/X.21 Null-Modem CableWAN Link Control-Signal Operation Appendix a Event Logs Event logsEvent Logs IOLINK-PRO & 520 Reference Manual A.3 Event Logs IOLINK-PRO & 520 Reference Manual A.5 Event Logs IOLINK-PRO & 520 Reference Manual A.7 Event Logs Alarm Logs Event Logs IOLINK-PRO & 520 Reference Manual A.11 Event Logs IOLINK-PRO & 520 Reference Manual A.13 Event Logs IOLINK-PRO & 520 Reference Manual A.15 Event Logs IOLINK-PRO & 520 Reference Manual A.17 Event Logs IOLINK-PRO & 520 Reference Manual A.19 PPP Security Logs MAC Address Filtering SecurityProgrammable Filtering Security-Filter if DestinationSecurity-Filter if Source Security-Forward if Destination Security-Forward if Source Programmable Filtering Pattern Filter Operators Bridge Pattern FilteringProtocol Discrimination Protocol Type Field Internet Protocol IPFilter all IP Packets IP, and no moreTransport Control Protocol / Internet Protocol TCP/IP Filter only TCP/IPFilter all IP without TCP traffic Filter all except TCP/IPBandwidth Conservation Filter all DECEthernet Broadcasting Ethernet MulticastingGeneral Restrictions Internet AddressesEthernet Station Addresses Mask Combinations Mask would be 6-010203040506&12-0800&23-06 ExampleIP Router Pattern Filtering IPX Router Pattern FilteringPage Appendix C Frame Formats Octet Locations on an IP Routed TCP/IP Frame IOLINK-PRO & 520 Reference Manual C.3