Creating dedicated hardware filters
Configuring Layer 4 source and destination port number masks
A common filtering requirement is the ability to filter on a range of TCP or UDP port numbers. For example, we often want to be able to allow through all packets with a TCP destination port greater than 1024, as such packets are deemed to be replies coming back to sessions initiated from the other side of the switch.The l4smask and l4dmask parameters make it possible for a single classifier to match a whole range of port numbers.
These parameters take on HEX values, and are used in conjunction with the parameters tcpsport, tcpdport, udpsport, and udpdport. A range of port numbers matches the classifier if performing a logical AND with the mask would give the same result as performing a logical AND with the value specified in the corresponding sport or dport parameter.
Of course, this is not quite so convenient as being able to simply specify a range of decimal numbers. Often it can require multiple port/mask combinations to cover a particular range of numbers.
This maths of all this is described in detail in Appendix A of this How To
Note: The default value of each mask is FFFF. This means that if you specify a port number without specifying a mask, then the classifier matches only that one value of the port number. This is the same as specifying a port number and a mask of FFFF.
Configuring “inner” parameters for nested VLANs
The tpid, innertpid, innervlanid, and innervlanpriority parameters all apply to nested VLAN configuration. In this situation, the packets arriving at the
zThe tpid parameter matches on the first Tag Protocol Identifier field in the packet.
zThe innertpid parameter matches on the TPID in the second 802.1Q tag in the packet.
zThe innervlanid parameter matches on the tunnelled VLAN ID in the second 802.1Q tag in the packet.
zThe innervlanpriority parameter matches on the 802.1P field in the second tag in the packet.
The following table shows where in the packet the inner and outer tags will be matched.
| Outer VLAN parameters | Inner VLAN parameters |
| (normal) |
|
|
|
|
Customer port | VLAN | 1st tag |
|
|
|
Core port | 1st tag | 2nd tag |
|
|
|
Nested VLANs disabled | 1st tag | 2nd tag |
|
|
|
Some important points to keep in mind while configuring the “inner” parameters are:
zWhen packets arrive at a customer port of a nested VLAN, the parameter vlan will match the VID of the nested VLAN that the port is a member of, which is just how this parameter normally operates.
Page 4 AlliedWare™ OS How To Note: Hardware Filters
