Foundry Networks Switch and Router Installation And Configuration Manual page 1009

NOTE: If you do choose to apply filters for multiple layers to the same port, note that Layer 2 MAC filters can
affect the Layer 3 IP traffic that a port permits or denies on multinetted interfaces. A multinetted interface has
multiple IP sub-net interfaces on the same port. MAC filters can filter on the Ethertype field. This field includes
Layer 3 protocol information and identifies packets as IP packets, ARP packets, and so on.
If you configure a MAC filter, then leave the default action as "deny any", all packets from one of the IP sub-net
addresses to another address on the same multinetted interface that do not match the filter are denied. This
includes packet types such as IP and ARP. The result is that you have a Layer 2 filter but Layer 3 traffic is
dropped. To avoid this, make sure you configure a filter to "permit any" traffic, thus changing the default action to
permit for packets that are not denied by the other MAC filters.
Precedence Among Filters on the Same Layer
For most types of filters, a Foundry device applies filters based on the order in which you list them in a port's
inbound or outbound filter list. For example, if you apply three filters, 3, 2, and 1024 to port 1/1's outbound filter
list, the filters are applied in the following order: 3, 2, 1024.
You must configure the policies or filters before you can add them to a policy or filter group.
When you configure a policy or filter group, you must add all the policies or filters at the same time. You cannot
edit policy or filter groups. To change a group, you must delete it, then add a new one.
NOTE: Foundry devices apply Layer 2 broadcast and multicast filters in ascending numerical order, beginning
with 1.
Foundry Policies
On a Foundry device, a policy is a set of rules that defines how the device handles packets. Table C.3 on page C-
5 lists the types of policies you can configure on Foundry devices.
Policy Type
Quality-of-Service (QoS) Policies
Layer 3 Policies
Protocol-based VLANs – either forward or drop
Layer 3 traffic based on protocol (or, for IP sub-net
VLANs and IPX network VLANs, sub-net or
network address)
IP access policies – either forward or drop IP
packets
Router acceleration policies – either switch
(accelerate) IP or IPX packets or send them to a
router
Layer 4 Policies
TCP/UDP access policies – either forward or drop
packets based on TCP or UDP port
December 2000
Table C.3: Foundry Policies
Supported on...
Router
X
X
X
X
Switch ServerIron
X X
X X
a
X
X X
Policies and Filters
See page...
C-6
C-8
C-8
C-9
C-18
C-39
C-20
C - 5