[Top] [Prev] [Next] [Bottom]

Chapter 15

Using MAC Filtering

This chapter explains MAC filtering. It includes the following sections:

About MAC Filtering

Using MAC Filtering Parameters

Using MAC Filtering Tags

About MAC Filtering

MAC filtering lets you set up packet filters. Filters are a set of rules applied to a packet to determine how it is handled.

Note: MAC filtering is allowed on tunnel traffic.

During the filtering process, packets are either processed, filtered, or tagged. The following explains these actions:

Processed - Packets are permitted to pass through the bridge unaffected.
Filtered - Packets are not permitted to pass through the bridge.
Tagged - Packets are allowed to pass through the bridge but are marked with a number in the range of 1 to 64 based on a configurable parameter.

A MAC filter is made up of three objects:

Filter-item - A single rule for the address field of a packet. The result is either TRUE (the match was successful) or FALSE (the match was not successful).
Filter-list - Contains a list of one or more filter-items.
Filter - Contains a set of filter-lists.

MAC Filtering and DLSw Traffic

You can set up MAC filtering to channel eligible DLSw traffic to alternate bridge paths on a MAC station basis.

To set up a filter for LLC, use the Bridge Net as the interface number for the filter. Calculate the Bridge Net number by adding two to the number of interfaces configured for your router. Enter list devices at the Config> prompt or enter configuration at the + prompt to see a list of interfaces.

In the following example the Bridge Net number is 6.

Config>list devices
Ifc 0 slot 0 port 0 Ethernet
Ifc 1 slot 1 port 0 Token Ring
Ifc 2 slot 1 port 1 Token Ring
Ifc 3 slot 2 port 0 Quad/Twin Serial Line
Ifc 4 slot 2 port 1 Quad/Twin Serial Line

When you set up a filter for the Bridge Net, for example, the router does not drop frames that match exclusive filters. Instead, it forwards those frames to the bridge.

Using MAC Filtering Parameters

You can specify some or all of the following parameters when you create a filter:

Source MAC address or destination MAC address
Mask to be applied to the packet's fields to be filtered
Interface number
Input/output designation
Include/exclude/tag designation
Tag value (if you designated a tag)

Filter-Item Parameters

You specify the following parameters to construct a filter-item:

Address Type: source or destination
Tag: Tag-value
Address Mask: Hex-Mask

Each filter-item specifies an address type (source or destination) to match against the type in the packet with the tokens.

The address mask is a MAC address in hex comparing the packet's addresses. The mask is applied to the source or destination MAC address of the packet before comparing it against the specified MAC address.

The mask specifies the bytes that are to be logically ANDed with the bytes in the MAC address. It must be of equal length to the specified MAC address. If no mask is specified, it is assumed to be all 1's.

Filter List Parameters

The following parameters are used to construct a filter list:

Name: ASCII-string
Filter-Item List: filter-item1, ..., filter-item
Action: INCLUDE, EXCLUDE, TAG(n)

A filter list is built from one or more filter items. Each filter list is given a unique name.

Applying a filter list to a packet consists of comparing each filter item in the order by which the filter items were added to the list. If any of the filter items in the list return TRUE then the filter list returns its designated action.

Filter Parameters

The following parameters are used to construct a filter:

Filter list Names: ASCII-string, ..., ASCII-string
Interface Number: IFC-number
Port Direction: input or output
Default Action: include, exclude, or tag
Default Tag: tag value

A filter is constructed by associating a group of filter list names with an interface number and assigning an input or output designation. The application of a filter to a packet means that each of the associated filter lists should be applied to packets being received (input) or sent (output) on the specified interface.

When a filter evaluates a packet to an include condition, the packet is forwarded. When a filter evaluates a packet to an exclude condition, the packet is dropped. When a filter evaluates to a tag condition, the packet being considered is forwarded with a tag.

An additional parameter of each filter is the default action which is the result of non-match for all of its filter lists. This default action is include. It can be set to either include, exclude, or tag. In addition, if the default action is tag, a tag value is also given.

Using MAC Filtering Tags

MAC Address filtering is handled by a joint effort between bandwidth reservation and the MAC filtering feature (MCF) using tags. A user with bandwidth reservation is able to categorize bridge traffic, for example, by assigning a tag to it.
Tagging is done by creating a filter item at the MAC filtering configuration prompt and assigning a tag to it. This tag is used to set up a bandwidth class for all packets associated with this tag. Tag values must be in the range of 1 to 64. OpenROUTE supports applying tags only to bridged packets and allows only the MAC address fields of the packet to be used in applying the tag.
Up to five tagged MAC addresses can be set from 1 to 5. TAG1 will be searched for first, then TAG2, and so on.
Once a tagged filter is created, it is assigned a class and priority in the Bandwidth Reservation configuration process. Use tag at the Bandwidth Reservation to reference the tag.

Tags can also refer to groups as in IP Tunnel. Tunnel end points can belong to any number of groups, and then packets are assigned to a particular group through the tagging feature of MAC address filtering.

[Top] [Prev] [Next] [Bottom]

docs@openroute.com

Copyright © 1997, OpenROUTE Networks, Inc. All rights reserved. OpenROUTE 2.1