Configuring Filter Policies
Configuring Filter Policies
Topics in this section include:
Overview of Filter Policies
Filter policies (or filters), also referred to as Access Control Lists (ACLs), are sets of rules
that can be applied to network interfaces and services (VLL (Ethernet and IP), VPLS, VPRN
and IES, and IES in-band management). Filter policies constrain network or user traffic based
on match criteria and determine the action that will be invoked against the subject packet (that
is, the default action can be either "drop" or "forward").
The 7705 SAR supports four types of filter policies: IP filters, MAC filters, VLAN filters, and
CSM filters. The 7705 SAR also supports policy-based routing (PBR), which is based on IP
filters, and multi-field classification (MFC).
IP, MAC, and VLAN filters scan all traffic and take the appropriate (configured) action
against matching packets. Packets that are not filtered by one of these filters and are destined
for the 7705 SAR are then scanned by the CSM filter, if configured.
Configuring an entity for a filter policy is optional. If a network or service interface is not
configured with filter policies, all traffic is allowed on the interface. By default, there are no
filters associated with interfaces or services. The filters must be explicitly created and
associated. When you create a new filter, you must specify a unique filter ID value for each
new filter policy, as well as each new filter entry and associated actions. The filter entries
specify the filter matching criteria. See
274
•
Overview of Filter Policies
•
Network and Service (Access) Interface-based Filtering
•
Policy-Based Routing
•
Multi-field Classification (MFC)
•
VLAN-based Filtering
•
Filter Policy Entries
•
Filter Log Files
Filter Policy
Entries.
7705 SAR OS Router Configuration Guide