Filter Policies

7750 SR OS Router Configuration Guide Page 293

Applying Filters
After filters are created, they can be applied to the following entities:
Applying a Filter to a SAP on page 293
Applying a Filter to a Network Port on page 293

Applying a Filter to a SAP

During the SAP creation process, ingress and egress filters are selected from a list of qualifying IP
and MAC filters. When ingress filters are applied to a SAP, packets received at the SAP are
checked against the matching criteria in the filter entries. If the packet completely matches all
criteria in an entry, the checking stops and an entry action is preformed. If permitted, the traffic is
forwarded according to the specification of the action. If the packets do not match, the default filter
action is applied. If permitted, the traffic is forwarded. If the packets do not match, the default
filter action is applied.
When egress filters are applied to a SAP, packets received at the egress SAP are checked against
the matching criteria in the filter entries. If the packet completely matches all criteria in an entry,
the checking stops. If permitted, the traffic is transmitted. If denied, the traffic is dropped. If the
packets do not match, the default filter action is applied.
Filters can be added or changed to an existing SAP configuration by modifying the SAP
parameters. Filter policies are not operational until they are applied to a SAP and the service
enabled.

Applying a Filter to a Network Port

You can apply an IP filter to a network port. Packets received on the interface are checked against
the matching criteria in the filter entries. If the packet completely matches all criteria in an entry,
the checking stops. If permitted, the traffic is forwarded. If the packets do not match, they are
discarded.