Programmable Filtering
B.8
— IOLINK-PRO & 520 Reference Manual
The Bridge Filter Patterns menu is located under the FILTER SET-UP MENU. Within the Bridge Filter Patterns Menu
there exists a Help function that can be used as a reference during Bridge Filter Pattern creation. This Help function
includes all of the logical operators that may be applied to the mask expression.
Protocol Type Field
Within an Ethernet frame, a protocol field exists at octets 12 and 13. These two octets, or 8-bit bytes, identify
the type of higher-level protocol carried in the Ethernet frame. There are more than 100 different protocol types
that are defined for use within an Ethernet frame. In many networks there will be fewer than 10 that are in use, but
in many larger networks there may be upwards of 30 or more. This, of course, will depend on the type of equipment
and the applications that are being used within the Local Area Network.
Internet Protocol (IP)
The Internet Protocol (IP) is the most widely used protocol within an Ethernet environment. As a result, there may
be a need to restrict this protocol traffic in one form or another.
Filter all IP Packets
To prevent IP traffic from being passed across the bridged network, a mask must be created that represents this
protocol type. The IP protocol type is 0800H.
Since the protocol field starts at octet location 12, the necessary filter mask to prevent IP traffic from traversing the
bridged network is as follows: 12-0800
The 12 is the offset into the Ethernet frame, the “-” is the argument separator, and the 0800 represents the protocol
type of IP.
In this example, whenever a frame with a protocol type equal to IP is seen on the LAN port for which this filter
mask has been specified, the frame will be filtered.
Note that when you filter on IP frames, all traffic carried over the IP protocol is filtered as well. This includes TCP,
UDP, SNMP, etc.
IP, and no more
This example performs the opposite function of the example above. Only IP packets will be allowed to be
passed across the bridged network.
For this function there must be a method to filter all frames except IP packets. For this the NOT (“~”)
logical operator is used. The NOT operator specifies that the expression has to be FALSE before the frame is
filtered. In other words, only frames that are NOT equal to the expression will be filtered and discarded.
To create this mask, the following expression is entered: ~(12-0800)
The parentheses simply ensure that the NOT operator will apply to the entire expression.
In this case, whenever a frame is received, the frame will be filtered if the protocol type is NOT equal to 0800 (IP).
Only one filter pattern that contains the NOT operator may be used.
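The following is an added example, not part of the manual or the device firmware: a small Python model of the two mask forms shown above (12-0800 and ~(12-0800)), useful for checking what a mask will discard before entering it on the bridge. The function names and the sample frames are constructed for illustration, and the other operators listed in the Help function are not modelled.

```python
import re

# Grammar covered here: "OFFSET-HEXVALUE", optionally wrapped as "~(...)".
# Other operators from the device's Help function are not modelled.
_MASK = re.compile(r"^(?P<off>\d+)-(?P<val>(?:[0-9A-Fa-f]{2})+)$")


def parse_mask(expr):
    """Return (negate, offset, value_bytes) for a mask expression."""
    expr = expr.strip()
    negate = expr.startswith("~")
    if negate:
        expr = expr[1:].strip()
        if expr.startswith("(") and expr.endswith(")"):
            expr = expr[1:-1].strip()
    m = _MASK.match(expr)
    if not m:
        raise ValueError(f"unsupported mask expression: {expr!r}")
    return negate, int(m["off"]), bytes.fromhex(m["val"])


def is_filtered(expr, frame):
    """True if the frame would be filtered (discarded) under this mask."""
    negate, off, val = parse_mask(expr)
    matched = frame[off:off + len(val)] == val
    return matched != negate  # NOT inverts the match result


def make_frame(ethertype, payload=b"\x00" * 46):
    """Constructed frame: broadcast destination, made-up source address."""
    addrs = bytes.fromhex("ffffffffffff020000000001")  # dst (6) + src (6)
    return addrs + ethertype.to_bytes(2, "big") + payload


SAMPLES = {  # constructed test frames keyed by protocol name
    "IPv4": make_frame(0x0800),
    "ARP": make_frame(0x0806),
    "IPv6": make_frame(0x86DD),
}


def verdicts(expr):
    """Map each sample frame name to 'filter' or 'forward'."""
    return {name: "filter" if is_filtered(expr, frame) else "forward"
            for name, frame in SAMPLES.items()}

if __name__ == "__main__":
    for expr in ("12-0800", "~(12-0800)"):
        print(expr, verdicts(expr))
```

The second mask discards the ARP sample (protocol type 0806) along with everything else that is not 0800, so IP hosts on opposite sides of the bridge cannot resolve each other's addresses through ARP while it is active.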