6 USER-DEFINED PACKET FILTERING
This chapter contains the following information:
- A description of user-defined packet filtering
- A discussion of how to use address and port groups in packet filters
- Examples of packet filters
About User-defined Packet Filtering
The SuperStack II Switch 2200 system allows you to add a second layer of
filtering on top of the standard filtering provided by a traditional
transparent bridge. This user-defined packet filtering further restricts which
packets are forwarded through the bridge. By taking advantage of this
powerful feature, you can improve network performance, provide additional
security, or logically segment your network to support virtual workgroups.
Designing a Packet Filter
The packet filtering mechanism supported on the Switch 2200 is very
flexible. You can define complex filters comprising many simple
comparisons. This flexibility allows you to use packet filters in several unique
applications on your network.
You specify the packet filter using a packet filter language. This language
consists of operands and operators that you use to compose your filters.
This language is described in detail in the SuperStack II Switch 2200
Administration Console User Guide. Table 6-1 describes the two simplest
operands.
Table 6-1 Packet Filter Operands
Operand         Description
Packet field    A field in the packet that can reside at any offset. The size of the
                field can be 1, 2, 4, or 6 bytes. Typically, you only specify a 6 byte
                field when you want the filter to examine a 48-bit address.
Constant        A literal value. As with a field, a constant can be 1, 2, 4, or 6 bytes.
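
The operand model in Table 6-1, as an added illustration in Python (not 3Com code and not the Switch 2200 packet filter language): a field is read at a byte offset with a size of 1, 2, 4 or 6 bytes and compared with a constant of the same size, and a filter is a set of such comparisons. The names Field, Constant and matches, the equality-only comparison, the big-endian field reads and the sample frame are assumptions made for this example.

```python
# Added illustration. Field, Constant and matches() are hypothetical names,
# not the syntax of the Switch 2200 packet filter language.
from dataclasses import dataclass

VALID_SIZES = (1, 2, 4, 6)  # operand sizes listed in Table 6-1


def _check_size(size: int) -> None:
    if size not in VALID_SIZES:
        raise ValueError(f"unsupported operand size {size}")


@dataclass(frozen=True)
class Field:
    offset: int  # byte offset from the start of the frame
    size: int    # 1, 2, 4 or 6 bytes

    def __post_init__(self):
        _check_size(self.size)

    def read(self, frame: bytes):
        end = self.offset + self.size
        if self.offset < 0 or end > len(frame):
            return None  # the field lies outside this frame
        return int.from_bytes(frame[self.offset:end], "big")


@dataclass(frozen=True)
class Constant:
    value: int
    size: int

    def __post_init__(self):
        _check_size(self.size)
        if not 0 <= self.value < 1 << (8 * self.size):
            raise ValueError("constant does not fit in its size")


def matches(frame: bytes, comparisons) -> bool:
    """Return True only if every (Field, Constant) pair compares equal."""
    for field, const in comparisons:
        if field.size != const.size:
            raise ValueError("field and constant sizes differ")
        if field.read(frame) != const.value:
            return False  # also taken when the field is outside a short frame
    return True


# Constructed sample frame: destination MAC, source MAC, EtherType 0x0800, padding.
SAMPLE_FRAME = bytes.fromhex("00a024000001" "00a024000002" "0800") + bytes(46)
DST_MAC = (Field(0, 6), Constant(0x00A024000001, 6))   # 6-byte field: a 48-bit address
ETHERTYPE_IP = (Field(12, 2), Constant(0x0800, 2))     # 2-byte field
```

A frame shorter than the field's offset plus size never matches in this sketch, so a comparison against a truncated frame fails closed instead of raising.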