Net Optics none manual Exclusive filters, N1.1 ipproto=UDP action=drop N1.1 m.1

Page 39

Director

Note:__________________________________________________________________________________________________

Instead of filter add, you can use a filter ins command to define filters. The only difference is that filter ins allows you to specify the filter's ID, which is its position in the pending filter list. (Use filter list so see the IDs of all pending filters.) When you use a filter ins command, the first parameter must be id=<id> where <id> is a decimal number in the range 1 to 999. For example: filter ins id=2 in_ports=n1.1 out_ports=m.1 defines a filter that sends all the traffic from Network Port 1 to Monitor Port 1 and places this filter in the second location in the pending filter list.

________________________________________________________________________________________________________

Tip!____________________________________________________________________________________________________

The filter del command can be used to delete a filter from the pending filter list. The syntax is a filter del id=<id> where <id> is a decimal number in the range 1 to 999 corresponding to the position in the pending filter list. Use the filter list command so see the IDs of all pending filters.

________________________________________________________________________________________________________

Exclusive filters

Filters can be specified using action=drop in order to create exclusive filters. (An exclusive filter excludes packets rather an including them.) For example, suppose you would like to monitor all traffic on a link except for the UDP traffic. To specify this filter, use the following commands. Note that the drop filter must come first so it is earlier in the CAM.

filter add in_ports=n1.1 ip_proto=17 action=drop filter add in_ports=n1.1 action=redir redir_ports=m.1 filter commit

Network Port 1

 

Protocol =

match

(drop)

 

UDP

 

 

 

 

 

no match

CAM

Address Filter

1n1.1 ip_proto=UDP action=drop

2n1.1 m.1

All

 

Monitor Port 1

 

￿lter add in_ports=n1.1 ip_proto=17 action=drop

￿lter add in_ports=n1.1 action=redir redir_ports=m.1

Figure 38: Creating an exclusive filter

Tip!____________________________________________________________________________________________________

If you only define switch connections, with no filtering, the CAM is not involved and the switches do not interact.

________________________________________________________________________________________________________

Tip!____________________________________________________________________________________________________

Filters that use exclusive sets of Network ports (each Network port is included in only a single filter) do not interact. For example,

filter add in_ports=n1.1-n1.5<filter_parameter_list> <monitor_port_list> does not interact with

filter add in_ports=n1.6-n1.10<filter_parameter_list> <monitor_port_list>

________________________________________________________________________________________________________

35

*** Confidential - DO NOT Distribute ***

Page 38 Page 40
Image 39
Page 38 Page 40
Contents Smart Filtering Appliance Trademarks and Copyrights Contents Filter parameters Appendix aAppendix B Appendix CChapter Introduction Passive, Secure Technology Key FeaturesEase of Use Monitor port FilteringDescription About this GuideDirector internal architecture Director ArchitectureDirector Management USB portNetwork Links Typical ApplicationMonitoring Tools IBypass Switch Method In-line Monitoring of 10 Gigabit LinksExternal Network Tap method DNM / Network Port LEDs Power LEDsDirector Front Panel Monitor Port LEDsXFP Director Rear PanelChapter Installing Director Unpack and Inspect the Director device Plan the InstallationInstall Director Network Modules Install SFP and XFP Monitor port ModulesRack Mount the Director device Connect the local CLI Interface Connect Power to DirectorTo connect the CLI for remote use over the Management port Connect the remote CLI InterfaceBaud Data bits No parity 1 stop bit No flow control TipTo log into the CLI Log into the CLIConfigure Director using the CLI Change Director User Name and PasswordTo change the user name and password Change Port Modes To change the port modeAssign a New Manager IP Address To assign a new Manager IP address to DirectorSet the Current Date and Time Save and Load Director ConfigurationsTo view CLI help information Using the CLI Help CommandCurrent config file Using the CLI Command History BufferTo connect a Span port Connect Span Ports to DirectorTo connect an in-line network link Connect Director With In-line Network LinksConfigure a Matrix Switch connection in Director Check the InstallationConnect Monitoring Tools to Director Syntax Chapter Configuring Filters Using the CLICopy Traffic From Any Network Port to Any Monitor Port Enter filter commit. The switch connection is activatedLter add inports=n1.1 action=redir redirports=m.3-m.5 Regenerate Traffic to Any Set of Monitor PortsTo create a filter that selects IPv4 packets by protocol Create FiltersLogical and filter connection Create Complex FiltersUDP View filtersConfigurable 10 Gigabit XFP ports used as Network ports Work with configurable 10 Gigabit ports Network Port 11 XFP Port CAM Understand filter interactionsFlow diagram now looks as follows N1.1 ipproto=UDP action=drop N1.1 m.1 Exclusive filtersUnderstand pending and active filters To change the Director filter configurationEnter filter list to view the pending filter list Filter capacity User interactionsDaisy-chaining Multiple Director Chassis Specifications, chassis Appendix a Director SpecificationsAvailable Models Specifications, DNMEnvironmental CertificationsCommand Sub-Command Parameters Example and description Appendix B Command Line InterfaceSrc=10.1.1.1 action=drop Command may includeFilter add and filter ins commands Filter add ipv6=n inports=n1.1-n1.3 ipFilter sync Load myconfiguration-1Filter list Filter runningPing Save myconfiguration-1Show myconfiguration-1 PasswdTime Sysip commitSysip ipaddr=192.168.1.2 netmask=255.255.0.0 Sysip showIs only This This command is only available at root level CommandUser show User add name=bob pw=bob-pw priv=3Director Filter Parameters Qual Value Example Description Filter parametersNum Keyword Protocol Appendix C Protocol NumbersMobile L2TP Limitations on Warranty and Liability By Net Optics, Inc. All Rights Reserved
Top Page Image Contents