Packet Filtering Overview; What Can You Filter - 3Com 4007 Implementation Manual

306 C 15: P
HAPTER ACKET
Packet Filtering
Overview

What Can You Filter?

F
ILTERING
The management interfaces display "
Management Module as the Enterprise Management Engine (EME)
because the heritage of the Switch 4007 is the CoreBuilder
The packet filtering feature allows a switch to make a permit-or-deny
decision for each packet based on the packet contents. Use packet filters
to control traffic on your network segments to:
Improve LAN performance
Implement LAN security controls
Shape traffic flow to emulate virtual LAN (VLAN) behavior. See
Chapter 14.
Before you create a packet filter, you must decide which part of the
packet you want to use for your filtering decisions. You can filter on any
data in the first 64 bytes of the frame. You can filter Ethernet, Fast
Ethernet, Fiber Distributed Data Interface (FDDI), or Gigabit Ethernet
frames by the destination address, source address, type, length, or any
attribute within the first 64 bytes. Keep in mind that the offsets may
differ between FDDI and Ethernet packets, so the same filter may not
work on all interfaces. Ethernet and FDDI packet fields are shown in
Figure 24.
You can only filter Layer 2 traffic, not Layer 3 traffic. (This is true even
though packet filtering is supported only on Multilayer Switching
Modules.)
You must filter on the input packet type. For example, if you write a filter
that you intend to assign to the transmit path of an Ethernet port, it will
not be sufficient to compose a filter that only filters Ethernet traffic. This
is because the filtering function is applied before the conversion to
Ethernet format. Consider all possible sources of the packets. Might the
packet originate as an FDDI packet? If so, then filter on the FDDI format
as well as any Ethernet source formats.
" and refer to the
cb9000
®
9000 switch.