Foundry Configuration Guide for the FESX, FSX, and FWSX
C - 4 © Foundry Networks, Inc. December 2005
NOTE: If you do choose to apply filters for multiple layers to the same port, note that Layer 2 MAC filters can
affect the Layer 3 IP traffic that a port permits or denies on multinetted interfaces. A multinetted interface has
multiple IP sub-net interfaces on the same port. MAC filters can filter on the Ethertype field. This field includes
Layer 3 protocol information and identifies packets as IP packets, ARP packets, and so on.
If you configure a MAC filter, then leave the default action as “deny any”, all packets from one of the IP sub-net
addresses to another address on the same multinetted interface that do not match the filter are denied. This
includes packet types such as IP and ARP. The result is that you have a Layer 2 filter but Layer 3 traffic is
dropped. To avoid this, make sure you configure a filter to “permit any” traffic, thus changing the default action to
permit for packets that are not denied by the other MAC filters.
Precedence Among Filters on the Same Layer
For most types of filters, a Foundry device applies filters based on the order in which you list them in a port’s
inbound or outbound filter list. For example, if you apply three filters, 3, 2, and 1024 to port 1/1’s outbound filter
list, the filters are applied in the following order: 3, 2, 1024.
You must configure the policies or filters before you can add them to a policy or filter group.
When you configure a policy or filter group, you must add all the policies or filters at the same time. You cannot
edit policy or filter groups. To change a group, you must delete it, then add a new one.
Foundry Policies
On a Foundry device, a policy is a set of rules that defines how the device handles packets. The following table
lists the types of policies you can configure on a Foundry device.
Table C.4: Foundry Policies
Policy Type Supported on... See page...
Router Switch
Quality-of-Service (QoS) Policies X X C-5
Layer 3 Policies C-5
Protocol-based VLANs – either forward or drop
Layer 3 traffic based on protocol (or, for IP sub-net
VLANs and IPX network VLANs, sub-net or
network address)
XXC-5
Table C.5: Policies
Policy Type See page...
Quality-of-Service (QoS) Policies B-7
Layer 3 Policies B-9
Protocol-based VLANs – either forward or drop Layer 3 traffic
based on protocol (or, for IP sub-net VLANs and IPX network
VLANs, sub-net or network address)
B-9
IP access policies – either forward or drop IP packets B-10
Layer 4 Policies B-38
To Next Page
Loading...
Need help?
General
