Net Optics Director manual Filter parameters

Page 53

Director

Filter parameters

Switches and filters are defined using the filter add and filter ins commands. The filter add command syntax is:

filter ipv6=y add in_ports=<portlist> <filter_parameter_list> action=<redirdrop> redir_ports=<portlist>

The <filter_parameter_list> is a sequence of zero or more of the filter qualifiers as listed in the following table.

If the <filter_parameter_list> is empty, the filter add command specifies an aggregation of the traffic received on all of the in_ports. If the action=redir, the aggregated traffic stream is regenerated to all of the redir_ports.

If the <filter_parameter_list> contains filters, aggregation and regeneration take place as described in the previous paragraph. However, the filters are applied to the aggregated traffic stream before it is copied to the monitor ports. If multiple filter qualifiers are specified, a packet must satisfy all of the filter qualifiers in order to be copied to the monitor ports. In other words, the filter qualifiers are combined with a logical AND condition. A logical OR condition can be created by using multiple filter add commands with identical port lists.

The filter add and filter ins commands define filters but do not activate them. A subsequent filter commit or commit command must be executed to activate the filters. This mechanism enables an interrelated group of filters to be activated simultaneously. It also allows you to double-check your filter definitions before you activate them. The commit command also rewrites the default Director configuration (the defaultcfg file), while filter commit does not.

Note that IPv6 and IPv4 filters are maintained separately. It is important to include the "ipv6=y" argument when dealing with IPv6 filters, and omit it when dealing with IPv4 filters.

It is also important to note that packets are filtered using a Content Addressable Memory or CAM. Each filter is a CAM entry, and the CAM is filled in the order that the filter add commands are entered. Filter ins commands create filters in specific locations in the CAM. When a packet is processed, the first filter in the CAM that matches the packet is the only filter that is activated. Each packet can activate exactly zero or one filters. See Understand filter interactions near the end of Chapter 3 for examples.

All supported filter qualifiers are shown in the table on the following page.

49

Page 52 Page 54
Image 53
Page 52 Page 54
Contents Data Monitoring Switch Trademarks and Copyrights Contents Chapter Chapter Configuring Filters Using the CLIAppendix a Appendix BChapter Introduction Ease of Use Key FeaturesMonitor port Filtering Passive, Secure TechnologyDescription About this GuideDirector internal architecture Director ArchitectureDirector Management USB portNetwork Links Typical ApplicationMonitoring Tools In-line Monitoring of 10 Gigabit Links 10 Gigabit in-line network connection using a network TapDirector Front Panel Power LEDsMonitor Port LEDs DNM / Network Port LEDsXFP Director Rear PanelChapter Installing Director Unpack and Inspect the Director device Plan the InstallationRack Mount the Director device Install Director Network ModulesInstall SFP and XFP Monitor port Modules Connect the local CLI Interface Connect Power to DirectorBaud Data bits No parity 1 stop bit No flow control Connect the remote CLI InterfaceTip To connect the CLI for remote use over the Management portTo log into the CLI Log into the CLITo change the login password Configure Director using the CLIChange Director Password Assign a New Manager IP Address To change the port modeTo assign a new Manager IP address to Director Change Port ModesSet the Current Date and Time Save and Load Director ConfigurationsTo view CLI help information Using the CLI Help CommandShow name show running, factory, default, or file name Using the CLI Command History BufferTo connect a Span port Connect Span Ports to DirectorTo connect an in-line network link Connect Director With In-line Network LinksConnect Monitoring Tools to Director Configure a Matrix Switch connection in DirectorCheck the Installation Syntax Chapter Configuring Filters Using the CLICopy Traffic From Any Network Port to Any Monitor Port Enter filter commit. The switch connection is activatedLter add inports=n1.1 action=redir redirports=m.3-m.5 Regenerate Traffic to Any Set of Monitor PortsTo create a filter that selects IPv4 packets by protocol Create FiltersLogical and filter connection Create Complex FiltersUDP View filtersConfigurable 10 Gigabit XFP ports used as Network ports Work with configurable 10 Gigabit portsXFP Port Protocol = Monitor Port CAM Understand filter interactionsFlow diagram now looks as follows N1.1 ipproto=UDP action=drop N1.1 m.1 Exclusive filtersUnderstand pending and active filters To change the Director filter configurationFilter running command Enter filter list to view the pending filter list Inports=n1.1-n1.7 Ipproto=6 Vlan=100 Redirports=m.1-m.5,m.10 Filter capacityDaisy-chaining Multiple Director Chassis Specifications, chassis Appendix a Director SpecificationsEnvironmental Specifications, DNMCertifications Available ModelsAppendix B Command Line Interface Commit Command Sub-Command Arguments Example and descriptionFilter discard Image Quit User add name=bob pw=bob-pw priv=3 Filter parameters Vlan=128 Director Filter Parameters Qual Value Example DescriptionNum Keyword Protocol Appendix C Protocol NumbersMobile L2TP Limitations on Warranty and Liability By Net Optics, Inc. All Rights Reserved
Top Page Image Contents