octets
octets
When Is a Filter
Applied? — Paths
Figure 24 Ethernet and FDDI Packet Fields
Destination
Type/Length
Address
(Ethernet Type field if > 1500;
(6 octets)
802.3 Length field if - 1500)
0
6
12
Source Address
(6 octets)
Destination
Source
Address
Address
(6 octets)
(6 octets)
0
6
12
Internal Packet Data
Packets travel on many different paths through the switch. You can
control to which path a filter is applied.
Input Packet Filtering: Receive Path
Input packet filtering applies to packets immediately upon reaching the
switch port, before they reach the switch's internal forwarding processing
(receive path). Because the packets never enter the switch, the switch
itself is protected against an external attack.
Output Packet Filtering: Transmit Path
Output packet filtering applies to packets after they have been through
the switch's internal forward processing (transmit path).
Internal Packet Filtering: Receive Internal Path
Internal packet filtering applies to packets intended for the switch itself
(such as pings, Telnet packets, and so forth) on the receive internal path.
14
25
Internal Packet Data
Filter First 64 Bytes of Frame
25
Filter First 64 Bytes of Frame
Packet Filtering Overview
Ethernet Packet
FDDI Packet
307
64
64