Configuring Layer 4 Source And Destination Port Number Masks; Configuring "Inner" Parameters For Nested Vlans - Allied Telesis x900-24 series Function Manual

Configuring Layer 4 source and destination port number masks

A common filtering requirement is the ability to filter on a range of TCP or UDP port
numbers. For example, we often want to be able to allow through all packets with a TCP
destination port greater than 1024, as such packets are deemed to be replies coming back to
sessions initiated from the other side of the switch.The l4smask and l4dmask parameters
make it possible for a single classifier to match a whole range of port numbers.
These parameters take on HEX values, and are used in conjunction with the parameters
tcpsport, tcpdport, udpsport, and udpdport. A range of port numbers matches the
classifier if performing a logical AND with the mask would give the same result as performing
a logical AND with the value specified in the corresponding sport or dport parameter.
Of course, this is not quite so convenient as being able to simply specify a range of decimal
numbers. Often it can require multiple port/mask combinations to cover a particular range of
numbers.
This maths of all this is described in detail in Appendix A of this How To Note—see
Note:

Configuring "inner" parameters for nested VLANs

The tpid, innertpid, innervlanid, and innervlanpriority parameters all apply to nested
VLAN configuration. In this situation, the packets arriving at the core-facing port can have
two VLAN tags configured on them.
The tpid parameter matches on the first Tag Protocol Identifier field in the packet.
The innertpid parameter matches on the TPID in the second 802.1Q tag in the packet.
The innervlanid parameter matches on the tunnelled VLAN ID in the second 802.1Q tag
in the packet.
The innervlanpriority parameter matches on the 802.1P field in the second tag in the
packet.
The following table shows where in the packet the inner and outer tags will be matched.
Customer port
Core port
Nested VLANs disabled
Some important points to keep in mind while configuring the "inner" parameters are:
When packets arrive at a customer port of a nested VLAN, the parameter vlan will match
the VID of the nested VLAN that the port is a member of, which is just how this parameter
normally operates.
Page 4 | AlliedWare™ OS How To Note: Hardware Filters
The default value of each mask is FFFF. This means that if you specify a port number
without specifying a mask, then the classifier matches only that one value of the port
number. This is the same as specifying a port number and a mask of FFFF.
Outer VLAN parameters
(normal)
VLAN
1st tag
1st tag
Creating dedicated hardware filters
Inner VLAN parameters
1st tag
2nd tag
2nd tag
page 13.