Configuring Filter Policies
282 7705 SAR OS Router Configuration Guide
Figure 10: Creating and Applying Filter Policies
Packet Matching Criteria
IPv4 filter entries can specify one or more matching criteria, with one caveat. In order to
support the maximum 256 entries for IPv4 filters, any entry that uses source port (src-
port) and/or destination port (dst-port) ranges (lt, gt, or range keywords) as match
criteria must be within the first 64 entries.
For IPv6 filters, the combined number of fields for all entries in a filter must not exceed 16
fields (or 256 bits), where a field contains the bit representation of the matching criteria.
All conditions must be met in order for the packet to be considered a match and the specified
action performed. The process stops when the first complete match is found and the action
defined in the entry is executed (that is, packets that match the criteria are either dropped or
forwarded). If no match is found, the default action is to drop the packet.
Matching criteria for IP filters, MAC filters, and VLAN filters are described in Table 41,
Table 42, and Table 43, respectively.
CREATE FILTER (FILTER ID) SPECIFY DESCRIPTION, SCOPE, DEFAULT ACTION
SPECIFY DESCRIPTION, ACTION, MATCHING CRITERIA
CREATE FILTER ENTRIES (ENTRY ID)
APPLY FILTER (FILTER ID)
SAVE CONFIGURATION
START
23608
CREATE SERVICE AND SERVICE
ENTITIES (SAP, SDP, etc.)
SELECT A RING PORTSELECT NETWORK
IP INTERFACE
To Next Page
Loading...
