Manuals / Brands / Computer Equipment / Switch / 3Com / Computer Equipment / Switch

3Com 2200 Displaying Packet Filters , Creating Packet Filters

1 200

Download 200 pages, 952.17 Kb

Displaying Packet Filters 12-3

Displaying

Packet Filters When displaying the contents of a single packet ﬁlter, you select the packet

ﬁlter using the ﬁlter id (which you can obtain by listing the packet ﬁlters

as described in the previous section). The packet ﬁlter instructions are

displayed; however, any comments in the original packet ﬁlter deﬁnition

ﬁle are not displayed because they are not saved with the packet ﬁlter.

To display the contents of a packet ﬁlter:

1From the top level of the Administration Console, enter:

bridge packetFilter display

You are prompted for the number of the packet ﬁlter you want to display.

2Enter the packet ﬁlter id number.

The contents of the packet ﬁlter are displayed. An example of the output

generated by this command is shown next. The packet ﬁlter id and name

are displayed, followed by a listing of the packet ﬁlter instructions.

Select packet filter to be displayed [1-n]: 2

Packet filter 2 - Type > 900 or Multicast

name “Type > 900 or Multicast”

pushLiteral.w 0x900

pushField.w 12

gt

reject

pushField.b 0

pushLiteral.b 0x01

and

not

Creating Packet

Filters You create custom packet ﬁlters by writing a packet ﬁlter deﬁnition. Each

packet-processing path on a port may have a unique packet ﬁlter deﬁnition

or may share a deﬁnition with other ports. Packet ﬁlter deﬁnitions are

written in the packet ﬁlter language. This language allows you to construct

complex logical expressions.

After writing a packet ﬁlter deﬁnition, you load it into a Switch 2200 and the

corresponding port assignments are preserved in the nonvolatile memory

(NVRAM) of the system. This ensures that the packet ﬁlter conﬁguration for

each system is saved across system reboots and power failures.

Top-Level Menu

system

ethernet

fddi

➧bridge

ip

snmp

analyzer

script

logout

display

ipFragmentation

ipxSnapTranslation

addressThreshold

agingTime

stpState

stpPriority

stpMaxAge

stpHelloTime

stpForwardDelay

stpGroupAddress

port

➧packetFilter

list

➧display

create

delete

edit

load

assign

unassign

addressGroup

portGroup

Contents

Main 3Com Corporation 95052-8145 Santa Clara, California 5400 Bayfront Plaza C ONTENTS II II S -L F III E FDDI P IV B P Page 13 PART APPENDIXES A B I ABOUT THIS GUIDE How to Use This Guide Switch 2200. The parts of the guide are described in Table 1. Conventions this guide. Switch 2200 Documentation Documentation Comments Page S UPER Conguration Tasks VERVIEW O S WITCH TACK II S 2200 A Page Page Page Page Page Page 2 A Initial User Access Levels of User Access Page Using Menus to Perform Tasks Page Page 2-6 CHAPTER 2: HOW TO USE THE ADMINISTRATION CONSOLE Figure 2-4 Bridging Menu Hierarchy for Administer Access Figure 2-5 IP Menu Hierarchy for Administer Access Page Page Page Administration Console Interface Remote Access Parameters Page Running Scripts of Administration Console Tasks Page Page Getting Help in the Administration Exiting the Administration Page Page 3 ACCESS TO THE SYSTEM About Management Access Setting Up the Console Serial Port Setting Up an IP Interface for Management Page Page Page Page Page Page Page Page Page Page Displaying IP Statistics The IP statistics you can view are described in Table 3-3. To display IP statistics, enter the following from the top level of the Administration Console: Statistics are displayed, as shown in this example: Setting Up SNMP on Y our System Page Here is an example display of the SNMP trap reporting information: Page Page Page 4 E Displaying the System Conguration Setting Passwords Setting the System Name Changing the Date and Time Rebooting the System 5 About Setting Baselines Displaying the Current Baseline 5-2 CHAPTER 5: BASELINING STATISTICS Setting Baselines system baseline set A message similar to the following appears: Baseline set at 08/07/96 10:42:52 AM. Baselining is automatically enabled when a baseline is set. 6 R About Working with Nonvolatile Data Saving NV Data Restoring NV Data Page Examining a Saved NV Data File Resetting NV Data to Defaults Page Page 7 P Displaying Ethernet Port 7-2 CHAPTER 7: ADMINISTERING ETHERNET PORTS An example of a summary display for Ethernet ports is shown here: Table 7-1 describes the information provided about an Ethernet port. Page Page Ethernet port. However, frames may be discarded for the following reasons: Figure 7-1 shows the order in which these discard tests are made. = Figure 7-1 How Frame Processing Affects Ethernet Receive Frame Statistics = Labeling a Port Setting the Port Sta te 8 R Administering FDDI Stations Table 8-1 describes these statistics. Page To set the connection policies of an FDDI station: Page Administering FDDI Paths Page Page Administering FDDI MACs Page Administering FDDI MACs 8-11 The following example shows the detail display of FDDI MAC information: Table 8-4 describes the information provided for the FDDI MAC. Page MAC. However, a frame might be discarded for the following reasons: Page Page Page Page Administering FDDI Ports Table 8-5 describes the type of information provided for an FDDI port. Page Page Page 9 R About Roving Analysis Displaying the Roving Analysis Conguration Adding an Analyzer Port Removing an Analyzer Port Starting Port Monitoring Stopping Port Monitoring Page 10 Displaying Bridge 10-2 CHAPTER 10: ADMINISTERING THE BRIDGE The following example shows a display of bridge information. Each item in the bridge parameter list is described in Table 10-1. Page Page Enabling and Disabling IP Fragmentation Enabling and Disabling IPX Snap Translation Setting the Address Threshold Setting the Aging Time Administering STP Bridge Page Page Page 11 Displaying Bridge Port 11-2 CHAPTER 11: ADMINISTERING BRIDGE PORTS The following example shows a bridge port summary display. The following example shows a bridge port detail display. Table 11-1 describes the type of information provided for the bridge port. Page Page Page Setting the Multicast Limit Administering STP Bridge Port Page Page Administering Port Addresses 11-11 Administering Port Addresses bridge port address list Page Page 11-14 CHAPTER 11: ADMINISTERING BRIDGE PORTS To freeze all dynamic addresses: bridge port address freeze 12 P About Packet Filtering Listing Packet Filters The listing of packet lters is displayed. An example of the output follows: Displaying Packet Filters Creating Packet Filters Page Table 12-2 describes the instructions and stacks of a packet lter. 12-6 CHAPTER 12: CREATING AND USING PACKET FILTERS Figure 12-1 Ethernet and FDDI Packet Fields Page Page Page Page Page Page Creating Packet Filters 12-13 The pseudocode translates into the following packet lter: Page Page Page Page Page Page Deleting Packet Filters Editing, Checking and Saving Packet Filters Page Loading Packet Filters Assigning Packet Filters to Ports Page Unassigning Packet Filters from Ports 13 PORT GROUPS TO USE IN P Using Groups in Packet Filters Listing Groups Displaying Groups Creating New Groups Page Deleting Groups Adding Addresses and Ports to Groups Page Removing Addresses or Ports from a Group Page Loading Groups Page Page A EXAMPLES, AND SYNTAX ERRORS Page Page Page Page Page Page Page Packet Filter Examples Page Page A-12 APPENDIX A: PACKET FILTER OPCODES, EXAMPLES, AND SYNTAX ERRORS Address Group Filter This lter accepts only frames whose source and destination address are in the same group. Common Syntax Errors errors. The syntax errors and their causes are listed in Table A-1. Page B Online Technical Services Page Support from Your Network Supplier Support from 3Com Returning Products for Repair I Numerics A B C D E F G H I L M N O P R S T U V W X