Avaya 1600 manual IP Filtering

E. IP Filtering

The following assumes that you have a working knowledge of IP protocols.

Filtering executes on the WAN port that you select. There are two different sets of filters and each filter maintains its own statistics:

Input - Input packets are filtered after the network address translation.

Output - Output packets are filtered before the network address translation.

The maximum total number of filters is 128.

Packets pass through the appropriate set of filters in the order in which the filters display in the list shown on the user interface (Configure IP Router > Configure IP Filtering > Display all filters of the chosen type). Each packet moves down the list of filters until it reaches the end or the attributes of an active filter match the packet.

When a "match" occurs, the packet is then processed according to the action field (Pass or Discard) of the first filter that matched the packet:

Pass - packet passed to the next level.

Discard - packet discarded. When output packets are dropped, RTCS_OK is returned from IP_route.

When you create a new filter, all fields are set to an inactive state. An inactive filter passes all IP packets - you must modify at least one field to narrow the range of packets to pass or change the action to discard all packets.

To create a set of filters to pass only certain types of packets, you need to create a default filter that discards all packets and then insert narrower filters before the default filter. For example, you need to add a filter to cover each range of packets.

If you want to select only the packet ranges to discard, then there is no default filter needed, because the default action is to pass all packets. You only have to add filters that set the range to discard and set the actions of those filters to discard.

The order of the filters matters if you are mixing filters with different actions or if you want the overlapping filters to display accurate statistics.