|
|
This chapter describes how to configure Token Ring filters on the Catalyst 5000 family switch.
 |
Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference publication for your switch. |
This chapter consists of these sections:
Catalyst 5000 family Token Ring modules provide filtering capabilities to reduce broadcast traffic, block protocols, and provide basic security.
You can filter frames based on the following:
You can configure MAC address filters for input ports only, and configure DSAP/SNAP filters for both input and output ports. You can configure up to 16 MAC address or DSAP/SNAP filters for each port on the Token Ring modules.
To filter data based on the MAC address, you must specify an address and indicate whether you want to block or allow frames that contain the address as a source or destination address. To filter data based on a protocol, specify either a DSAP or SNAP, and specify whether to permit or deny frames with that protocol.
These sections describe how to configure Token Ring filters:
When configuring a MAC address filter, you can enter the MAC address in canonical or noncanonical form. Frames that contain the MAC address as a source or destination address are dropped or passed, depending on whether you specify that the filter permits or denies the frames.
|
Note You can define up to 16 MAC address filters per port to be filtered at the port of entry into the Token Ring modules. MAC addresses can be unicast, multicast (group), or broadcast. |
To add a filter based on MAC addresses, perform this task in privileged mode:
Task | Command | |
|---|---|---|
|
|
|
|
|
|
This example shows how to set up a port filter and verify the configuration:
Console> (enable) set port filter 3/2 00:40:0b:01:bc:65 permit
Port 3/2 filter Mac Address 00:40:0b:01:bc:65 set to permit.
Console> (enable) show port filter 3/2
Port Mac-Addr Type
----- ----------------- ------
3/2 00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
Port Protocol Type
----- ----------------- ------
3/2 0x8035(ip) deny
0xffff deny
0xfefe deny
0xffff deny
0xfefe deny
0xffff deny
0xfefe deny
0xffff deny
Console> (enable)
|
Note You can define up to 16 protocol filters (8 SAP and 8 DSAP classes) per port to be filtered at the port of entry into the Token Ring modules. |
To add a filter based on protocol, perform this task in privileged mode:
Task | Command | |
|---|---|---|
|
|
|
|
|
|
This example shows how to configure a protocol filter on a port and verify the configuration:
Console> (enable) set port filter 3/2 ip permit
Port 3/2 filter Protocol ip set to permit.
Console> (enable) show port filter 3/2
Port Mac-Addr Type
----- ----------------- ------
3/2 00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
Port Protocol Type
----- ----------------- ------
3/2 0x8035(ip) deny
0xffff deny
0xfefe deny
0xffff deny
0xfefe deny
0xffff deny
0xfefe deny
0xffff deny
Console> (enable)
To clear a MAC address filter, protocol filter, or all configured filters, perform this task in privileged mode:
Task | Command |
|---|---|
|
|
This example shows how to clear all filters on a port:
Console> (enable) clear port filter all All filter MAC addresses and Protocols cleared Console> (enable)
Posted: Tue Aug 8 17:24:36 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.