Filter Policies
7750 SR OS Router Configuration Guide Page 295
IP Filters• Define filter entry packet matching criteria — If a filter policy is created with an entry and
entry action specified but the packet matching criteria is not defined, then all packets
processed through this filter policy entry will pass and take the action specified. There are
no default parameters defined for matching criteria.
• Action — An action parameter must be specified for the entry to be active. Any filter entry
without an action parameter specified will be considered incomplete and be inactive.
• When you configure a filter policy which is intended for filter-based mirroring, you must
specify that the scope is exclusive.
IPv6 Filters• Define filter entry packet matching criteria — If a filter policy is created with an entry and
entry action specified but the packet matching criteria is not defined, then all packets
processed through this filter policy entry will pass and take the action specified. There are
no default parameters defined for matching criteria.
• Action — An action parameter must be specified for the entry to be active. Any filter entry
without an action parameter specified will be considered incomplete and be inactive.
Log Filter• Summarization logging is the collection and summarization of log messages for 1 specific
log-id within a period of time.
• Filter log can be applied to different ACL filters or CPM HW filters.
• The implementation of the feature applies to filter logs with destination syslog.
• In case of VPLS scenario both L2 & L3 are applicable.
→L2: Src Mac or optionally Dest MAC
→ - L3: Src IPv6 or optionally Dest IPv6 for L3 filters.
• The summarization interval is 100 seconds.
• Upon activation of a summary, a mini-table with src/dst-address and count is created for
each type (ip/ipv6/mac).
• Every received log packet (due to filter hit) is examined for source or destination address.
If the logpacket (src/dst-address) matches a src/dst address entry in the mini-table (thus a
packet receive previously), the summary counter of the matching address is incremented.
• If source or destination address of the Log messages does not match an entry already
present in the table, the src/dst-address is stored in a free entry in the minitable.