Perle Systems 1700 manual Pattern Filtering, Not

Page 72

Introduction to Filtering

Pattern Filtering

Pattern filtering is provided in three separate sections: Bridge Pattern Filters, IP Router Pattern Filters, and IPX Router Pattern Filters. When the router is operating as an IP/IPX Bridge/Router, each of the frames received is passed on to the appropriate internal section of the router. The IPX frames are passed on to the IPX router, the IP frames are passed on to the IP router, and all other frames are passed on to the bridge. Different pattern filters may be defined in each of these sections to provide very extensive pattern filtering on LAN traffic being sent to remote LANs.

Pattern filters are created by defining an offset value and a pattern match value. The offset value determines the starting position for the pattern checking. An offset of 0 indicates that the pattern checking starts at the beginning of the data frame. An offset of 12 indicates that the pattern checking starts at the 12th octet of the data frame. When a data frame is examined in its HEX format, an octet is a pair of HEX values with offset location 0 starting at the beginning of the frame. Please refer to Appendix C - Octet Locations on Ethernet Frames for more information on octet locations in data frames.

The pattern match value is defined as a HEX string that is used to match against the data frame. If the HEX data at the appropriate offset location in the data frame matches the HEX string of the filter pattern, there is a positive filter match. The data frame will be filtered according to the filter operators being used in the filter pattern.

The following operators are used in creating Pattern filters.

-

offset

Used in pattern filters to determine the starting position to start the pattern

 

 

checking.

 

 

Example:

12-80

This filter pattern will match if the packet

 

 

 

 

information starting at the 12th octet equals the 80

 

 

 

 

of the filter pattern.

OR

Used in combination filters when one or the other conditions must be met.

 

Example:

10-2012-80

This filter pattern will match if the packet

 

 

 

 

information starting at the 10th octet equals the 20

 

 

 

 

of the filter pattern or if the packet information

 

 

 

 

starting at the 12th octet equals the 80 of the filter

 

 

 

 

pattern.

&

AND

Used in combination filters when one and the other conditions must be

 

 

met.

 

 

 

Example:

10-20&12-80

This filter pattern will match if the packet

 

 

 

 

information starting at the 10th octet equals the 20

 

 

 

 

of the filter pattern and the packet information

 

 

 

 

starting at the 12th octet equals the 80 of the filter

 

 

 

 

pattern.

~

NOT

Used in pattern filters to indicate that all packets not matching the defined

 

 

pattern will be filtered.

 

66

Page 71 Page 73
Image 72
Page 71 Page 73
Contents Bridge / Routers User And System Administration Guide Federal Communications Commission FCC Using This Manual Contents Introduction to Filtering Appendix D Interface Pinouts Unpack the Router Select a SiteIdentify the Reset Switch Location of the Reset Hole on RouterIdentify the Connectors P1705P1730 Connect to the Console Make the Link ConnectionsPower Up the Bridge/Router Managing the P1705 & P1730 Using the MenusConventions Option NameLogin to Bridge/Router and Enter the Required Configuration PasswordT1 or E1 56/64 kbpsAs specifed First channelNumber of channels ReservedMandatory Configuration Isdn U Isdn S/T PPP IsdnIdentify the Status LEDs OffTypical Applications & How to Configure Them Bridging and Routing Should You Bridge or Route? Bridging Networks Bridged across a WAN linkIP Routing IP Address / Size of Subnet MaskIP Addressing Masks IP SubnetsDefining an IP Subnet Mask IP Default Gateway IP Static RouteIPX Routing Novell Servers in Both LocationsNovell Servers in One Location Only IPX Routed Local Area Networks Servers on one sideIPX Routing Ethernet-II FramesRAW 802.3 Frames Ieee 802.2 FramesNovell Server with Dual LANs IPX ForwardingSelect LAN1 or LAN2 PPP Link Configuration PPP OverviewNumbered Links Link IP addressUnnumbered Links Peer IP addressMultilink Operation Basic WAN Configurations Basic Isdn ConnectionsSwitch Type Directory NumberSpid Soft Reset Console after a full resetPPP Isdn Manual Call Quick Connections Manual Call IP Address / Subnet mask sizeBasic Frame Relay Configuration Frame Relay configurationAuto Learning the Frame Relay Configuration Link SpeedManual Configuration LMI Type LMI TypePPP Enabled Quick Start Frame RelayIP Address / mask size Basic Leased Line Configuration Quick Start PPP Leased Line ConnectionsBridge Connection Configure Remote Site Profiles Configure Remote Site Profiles for Isdn PPP Isdn NumberEnabled Configure Remote Site Profile for Frame Relay ªConfiguration WAN Set up Remote Site Set-upRemote Site Alias DlciPrimary Link CIRDisabled EIRConfigure Remote Site Profiles for Leased Line PPP Site profile Recovery ScheduleConfigure Remote Site Profiles for PPPoE ªenabledLAN ªTCP mss value ª1452 ªISP provided username ªPPPoE remote site aliasAdvanced Features Configure Dynamic Host Configuration ProtocolªServer ªIP Address / number of addressesIP address local DNS server IP address external DNS serverEnter the private network IP address of each service offered Network Address Translation and Port Translation11 Napt Configuration Configure PPP Security SecuritySecurity Level Incoming PAP Password Outgoing PAP PasswordIncoming Chap Secret Outgoing Chap Secret Configure Firewall 13 Sample Firewall ApplicationEnter ID# 1 for ISP remote site InboundID# 1 for ISP remote site FTP ServerFilter ID # Destination Address Destination MaskSource Address Source MaskCompression Network Address TranslationFilters Enable Bandwidth On DemandQOS Priority Queuing Location MainªPriority ªPriority List Number ªenable Simple Network Time Protocol SntpªIP Address ªTimeIntroduction to Filtering MAC Address FilteringPattern Filtering NotNetBIOS &NetBEUI Windows For Workgroups Popular FiltersBridge IP & Related TrafficNetBIOS over TCP IP RouterBanyan Other interesting TCP PortsAppendix a Menu Trees Menu Tree Menu Tree Appendix B Octet Locations on Ethernet Frames Octet Locations on a Bridged TCP/IP FrameConfiguration Pages Octet Locations Octet Locations on a Bridged XNS Frame Appendix C Servicing Information Opening the caseIdentifying the Internal Components To Clear a Lost Password Changing LAN or WAN InterfacesSelecting MDI or MDI-X LAN Interface Installing the Isdn Link Modules Processor settings for the Isdn Link ModulesConnecting to the ISDN-U Link Module Changing the Termination Straps on the Isdn S/T InterfacePerforming a Software Upgrade PC used for Tftp transfers Router a Router B Router C Pinout Information Link Clocking InformationATL-CSU/DSU Link Module Information Switches Console Pinouts DB25 Female DCE24 & RS232C Link Pinouts DB25 Female DTE11/X.21 Link Pinouts DB15 Female DTERS442 & RS530 Link Pinouts DB25 Female DTELink Pinouts DCERS232 Null-Modem Cable Configuration Figure D-9 RS232 Null-Modem CableNull-Modem Cable Configuration Figure D 10 V-35 Null-Modem CableRS530 Null-Modem Cable Configuration Figure D-11 RS530 Null-Modem CableRS530 To RS449 Conversion Cable Figure D-12 RS530 to RS449 Conversion Cable11/X.21 Null-Modem Cable Configuration Figure D-13 V.11/X.21 Null-Modem Cable
Top Page Image Contents