Alteon Application Switch Operating System Application Guide
Filtering and Traffic Manipulation
356 Document ID: RDWR-ALOS-V2900_AG1302
Basic Filtering Features
Alteon includes extensive filtering capabilities at the Layer 2 (MAC), Layer 3 (IP), Layer 4 (TCP/
UDP), and Layer 7 (content-based) levels.
This section includes an overview of the following topics:
• Filtering Benefits, page 356
• Filtering Classification Criteria, page 356
• Filtering Actions, page 357
• Stacking Filters, page 358
• Overlapping Filters, page 358
• Default Filter, page 359
• Optimizing Filter Performance, page 359
• Filtering with Network Classes, page 360
• IP Address Ranges, page 360
• Filter Logs, page 361
• Cached Versus Non-Cached Filters, page 362
Filtering Benefits
Filtering provides the following benefits:
• Filtering of Layer 2 non-IP frames—In Alteon, a filter can specify only source MAC and
destination MAC addresses, and capture and apply an allow.
• Increased security for server networks—Filtering gives you control over the types of traffic
permitted through Alteon. Filters can be configured to allow or deny traffic from Layer 2 through
Layer 7, including: MAC address, IP address, protocol, Layer 4 port, Layer 7 string or pattern
content.
Layer 2-only filters, as described in MAC-Based Filters for Layer 2 Traffic, page 373
, can be
configured to allow or deny non-IP traffic.
• Map the source or destination IP addresses and ports—Generic NAT can be used to map
the source or destination IP addresses and the ports of private network traffic to or from
advertised network IP addresses and ports.
Note: When applied to ports, Alteon filters work exclusively in ingress and not egress.
Filtering Classification Criteria
Up to 2048 filters can be configured. Descriptive names can be used to define filters. Each filter can
be set to perform Filtering Actions, page 357
based on any combination of the following filter
options:
Table 29: Filter Options
Filter Option Description
smac Source MAC address
dmac Destination MAC address
ipver IP version
sip Source IP address or range (see IP Address Ranges, page 360
)
To Next Page
Loading...
Need help?
General