Web OS 10.0 Application Guide
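3. Configure Filter 7 to deny traffic and then assign VLAN 70 to the filter.

As a result, ingress traffic from VLAN 70 is denied entry to the switch.

>> # /cfg/slb/filt 7                  (Select the menu for Filter 7)
>> Filter 7# sip any                  (From any source IP address)
>> Filter 7# dip 205.177.15.0         (To base local network dest. address)
>> Filter 7# dmask 255.255.255.0      (For entire subnet range)
>> Filter 7# proto tcp                (For TCP protocol traffic)
>> Filter 7# sport http               (From the HTTP source port)
>> Filter 7# dport any                (To any destination port)
>> Filter 7# action deny              (Deny matching traffic)
>> Filter 7# vlan 70                  (Assign VLAN 70 to Filter 7)
>> Filter 7# ena                      (Enable the filter)
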
Optimizing Filter Performance

Filter efficiency can be increased by placing filters that are used most often near the beginning of the filtering list.

It is a recommended practice to number filters in small increments (5, 10, 15, 20, etc.) to make it easier to insert filters into the list at a later time. However, as the number of filters increases, you can improve performance by minimizing the increment between filters. For example, filters numbered 2, 4, 6, and 8 are more efficient than filters numbered 20, 40, 60, and 80. Peak processing efficiency is achieved when filters are numbered sequentially beginning with 1.

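The ordering and numbering advice above, worked through as an added example (not code from the Web OS guide): it moves the busiest filters forward and renumbers from 1, but never moves a filter ahead of an earlier overlapping filter with a different action, since that would change which traffic is denied. Assumptions: the Filter class, the hit counts and the cost model (a hit on filter N costs N list positions) are constructed for illustration, and destination networks are written in CIDR form in place of dip/dmask.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass
class Filter:
    num: int      # filter number on the switch
    dip: str      # destination network in CIDR form, or "any"
    proto: str    # "tcp", "udp" or "any"
    action: str   # "allow" or "deny"
    hits: int     # constructed hit counter, not real switch output

def _net(f):
    return ip_network("0.0.0.0/0" if f.dip == "any" else f.dip)

def overlaps(a, b):
    """True if one packet could match both filters (dip and proto only)."""
    same_proto = "any" in (a.proto, b.proto) or a.proto == b.proto
    return same_proto and _net(a).overlaps(_net(b))

def cost(filters):
    """Assumed model: a hit on filter N costs N list positions."""
    return sum(f.num * f.hits for f in filters)

def optimize(filters):
    """Busiest-first order that keeps every filter behind any earlier,
    overlapping filter with a different action; renumbered from 1."""
    pending = sorted(filters, key=lambda f: f.num)
    ordered = []
    while pending:
        free = [f for i, f in enumerate(pending)
                if not any(overlaps(f, e) and f.action != e.action
                           for e in pending[:i])]
        best = max(free, key=lambda f: f.hits)
        pending.remove(best)
        ordered.append(best)
    return [Filter(i, f.dip, f.proto, f.action, f.hits)
            for i, f in enumerate(ordered, start=1)]

# Constructed sample list, numbered in steps of 20 as in the text's example.
FILTERS = [
    Filter(20, "205.177.15.0/24", "tcp", "deny", 50),
    Filter(40, "any", "tcp", "allow", 9000),
    Filter(60, "10.1.0.0/16", "udp", "allow", 4000),
    Filter(80, "any", "any", "deny", 10),
]

if __name__ == "__main__":
    print(cost(FILTERS), "->", cost(optimize(FILTERS)))
```

The busy TCP allow filter stays behind the TCP deny for 205.177.15.0/24 even though it has far more hits; only the non-overlapping UDP filter moves to the front.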
Filter Logs

To provide enhanced troubleshooting and session inspection capability, packet source and destination IP addresses are included in filter log messages. Filter log messages are generated when a Layer 3/Layer 4 filter is triggered and has logging enabled. The messages are output to the console port, system host log (syslog), and the Web-based interface message window.

Chapter 7: Filtering
212777-A, February 2002