Using and Configuring Features Version 3.4

Configuring and Monitoring MAC Filtering

This chapter describes how to access the MAC Filtering configuration and monitoring prompts and how to use the available commands. It includes the following sections:

"Accessing the MAC Filtering Monitoring Prompt"
"MAC Filtering Monitoring Commands"
"MAC Filtering Dynamic Reconfiguration Support"

Accessing the MAC Filtering Configuration Prompt

Use the feature command from the CONFIG process to access the MAC filtering configuration commands. The feature command lets you access configuration commands for specific features outside the protocol and network interface configuration processes.

Enter a question mark after the feature command to obtain a listing of the features available for your software release. For example:

     Config> feature ?
     WRS
     BRS
     MCF
     Feature name or number [MCF]?

To access the MAC filtering configuration prompt, enter the feature command followed by the feature number (3) or short name (MCF). For example:

  Config> feature mcf
  MAC Filtering user configuration
  Filter config>

Once you access the MAC filtering configuration prompt, you can begin entering specific configuration commands. To return to the CONFIG prompt at any time, enter the exit command at the MAC filtering configuration prompt.

MAC Filtering Configuration Commands

This section summarizes the MAC filtering configuration commands. Enter these commands at the Filter config> prompt.

Use the following commands to configure the MAC filtering feature.

Table 6. MAC Filtering Configuration Command Summary

Command	Function
? (Help)	Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
Attach	Adds a filter list to a filter.
Create	Creates a filter list or an INPUT or OUTPUT filter.
Default	Sets the default action for the specified filter to EXCLUDE, INCLUDE, or TAG.
Delete	Removes all information associated with a filter list. Also deletes a filter that was created using the create filter command.
Detach	Removes a filter list from a filter.
Disable	Disables MAC Filtering entirely or disables a particular filter.
Enable	Enables MAC Filtering entirely or enables a particular filter.
List	Lists a summary of all the filter lists and filters configured by the user. Also generates a list of attached filter lists for this filter and all subsequent information for the filter.
Move	Reorders the filter lists attached to a specified filter.
Reinit	Re-initializes the entire MAC Filtering system from an updated configuration, without affecting the rest of the router.
Set-Cache	Changes the cache size for a filter.
Update	Adds or deletes information from a specific filter list. Brings you to a menu of appropriate subcommands.
Exit	Returns you to the previous command level. See "Exiting a Lower Level Environment".

Attach

Use the attach command to add a filter-list to a filter.

A filter is constructed by associating a group of filter-lists with an interface number. A filter-list is built from one or more filter-items.

Syntax:

attach: filter-list-name filter-number

Create

Use the create command to create a filter-list or an INPUT or OUTPUT filter.

Syntax:

create: list filter-list-name
: filter [input or output] interface-number

list filter-list-name: Creates a filter-list. Lists are named by a unique string (Filter-list-name) of up to 16 characters of the user's choice. This name is used to identify a filter-list that is being built. This name is also used with other commands associated with the filter-list.
filter [input or output] interface-number: Creates a filter and places it on the network associated with the INPUT or OUTPUT direction on the interface given by an interface number. By default this filter is created with no attached filter-lists, has a default action of INCLUDE and is ENABLED.

Default

Use the default command to set the default action for the filter with a specified filter number to exclude, include, or tag.

Syntax:

default: exclude filter-number
: include filter-number
: tag tag-number filter-number

exclude filter-number: Sets the default action for the filter with a specified filter number to exclude.
include filter-number: Sets the default action for the filter with a specified filter number to include.
tag tag-number filter-number: Sets the default action for the filter with the specified filter number to TAG and sets the associated tag value to tag number.

Delete

Use the delete command to remove all information associated with a filter-list and to free an assigned string as a name for a new filter-list. If filter-list is attached to a filter that has already been created by the user, then this command will display an error message on the console without deleting anything. In addition all filter-items belonging to this list are also deleted

This command also deletes a filter that was created using the create filter command.

Syntax:

delete: list filter-list
: filter filter-number

list filter-list

Removes all information associated with a filter-list and frees an assigned string as a name for a new filter-list. The filter-list must be a string entered by a previous create list command.

If the filter-list is attached to a filter that has already been created by the user, then this command will display an error message on the console without deleting anything. All filter-items belonging to this list are also deleted when this command is used.

filter filter-number

Deletes a filter that was created using the create filter command.

Detach

Use the detach command to delete a filter-list name (filter-list parameter) from a filter (filter-number parameter).

Syntax:

detach: filter-list-name filter-number

Disable

Use the disable command to disable MAC Filtering entirely or to disable a particular filter.

Syntax:

disable: all
: filter filter-number

all: Disables MAC Filtering entirely. Filters are still set as ENABLED, however, if they were enabled previously.
filter filter-number: Disables a particular filter. The filter-number parameter corresponds to the numbers displayed in the list filters command.

Enable

Use the enable command to enable MAC Filtering entirely or to enable a particular filter.

Syntax:

enable: all
: filter filter-number

all: Enables MAC Filtering entirely, although filters themselves may still be set to DISABLED.
filter filter-number: Enables a particular filter. The filter-number parameter corresponds to the numbers displayed in the list filters command.

List

Use the list command to list a summary of all the filter-lists and filters configured by the user. A list of all the filter-lists attached to a filter is not given. Other information displayed includes:

A list containing the state of the filtering system (ENABLE, DISABLE)
The set of configured filter-list records
Each of the configured filter records.

In addition, the following information is displayed for each filter:

Filter number
Interface number
Filter direction (INPUT, OUTPUT)
Filter state (ENABLE, DISABLE)
Filter default action (TAG, INCLUDE, EXCLUDE).

This command also generates a list of attached filter-lists for this filter and all subsequent information for the filter.

Syntax:

list: all
: filter filter-number

all: Displays a summary of all the configured filter-lists and filters.
filter filter-number: Generates a list of attached filter-lists for the specified filter and all subsequent information for the filter.

Move

Use the move command to reorder the filter-lists attached to a specified filter (given by filter-number parameter). The list given by Filter-list-name1 is moved immediately before the list given by Filter-list-name2.

Syntax:

move: filter-list-name1 filter-list-name2 filter-number

Reinit

Use the reinit command to re-initialize the entire MAC Filtering system from an updated configuration, without affecting the rest of the router.

Syntax:

reinit

Set-Cache

Use the set-cache command to change the default cache size (16) to a number in the range 4 to 32768.

Syntax:

set-cache: cache-size filter-number

Update

Use the update command to add information to or delete information from a specific filter-list. Using this command with the desired filter-list-name brings you to the Filter filter-list-name Config> prompt for that specific filter-list. From this new prompt you can then change information in the specified list.

The new prompt level is used to add or delete filter-items from filter-lists. The order in which the filter-items are specified for a given filter-list is important as it determines the order in which the filter-items are applied to a packet.

Syntax:

update: filter-list-name

Update Subcommands

This section summarizes the MAC filtering configuration subcommands. Enter these subcommands at the Filter filter-list-name config> prompt.

Table 7. Update Subcommands Summary

Subcommand	Function
? (Help)	Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
Add	Adds source or destination MAC address filters or a window filter. Adds filter-items to a filter-list.
Delete	Removes filter-items from a filter-list.
List	Lists a summary of all the filter-lists and filters configured by the user. Also generates a list of attached filter-lists for this filter and all subsequent information for the filter.
Move	Reorders the filter-lists attached to a specified filter.
Set-Action	Sets a filter-item to evaluate the INCLUDE, EXCLUDE or TAG (with a tag-number option) condition.
Exit	Returns you to the previous command level. See "Exiting a Lower Level Environment".

Use the following subcommands to update a filter-list.

Add

Use the add subcommand to add filter-items to a filter-list. This subcommand specifically lets you add a hexadecimal number to compare against the source or destination MAC address, or a sequence of window data with a mask to compare against a packet data.

The order in which the filter-items are added to a given filter-list is important because it determines the order in which the filter-items are applied to a packet.

Each use of the add subcommand creates a filter-item within the filter-list. The first filter-item created is assigned filter-item-number 1, the next one is assigned number 2, and so on. After you enter a successful add subcommand, the router displays the number of the filter-item just added.

The first match that occurs stops the application of filter-items, and the filter-list evaluates to INCLUDE, EXCLUDE, or TAG, depending on the designated action of the filter-list. If none of the filter-items of a filter-list produces a match, then the default action (INCLUDE, EXCLUDE or TAG) of the filter is returned.

Syntax: add: source hex-MAC-addr hex-Mask
: destination hex-MAC-addr hex-Mask
: window MAC offset-value hex-data hex-mask
: window INFO offset-value hex-data hex-mask

source hex-MAC-addr hex-Mask

Adds a hexadecimal number to compare against the source MAC address. hex-MAC-addr must be an even number of hex digits with a maximum of 16 digits and should be entered without a 0x in front.

The hex-mask parameter must be the same length as hex-MAC-address and is logically ANDed with the designated MAC address in the packet. The default hex-mask argument is to be all binary 1s.

The hex-MAC-addr parameter can be specified in canonical or noncanonical bit order. A canonical bit order is specified as just a hex number (for example, 000003001234). It may also be represented as a series of hex digits with a hyphen (-) between every two digits (for example, 00-00-03-00-12-34).

A noncanonical bit order is specified as a series of hex digits with a colon (:) between every two digits (for example, 00:00:C9:09:66:49). MAC addresses of filter-items will always be displayed using either a hyphen (-) or a colon (:) to distinguish canonical from noncanonical representations.

destination hex-MAC-addr hex-Mask

Acts identically to the add source subcommand, with the exception that the match is made against the destination rather than the source MAC address of the packet.

window MAC offset-value hex-data hex-mask

Adds a sliding window filter-item using the specified offset (computed from the beginning of the frame) that matches the hex data with the mask against packet data.

window INFO offset-value hex-data hex-mask

Similar to the add window mac command, except that the offset is computed with respect to the beginning of the information field.

Delete

Use the delete subcommand to remove filter-items from a filter-list. You delete filter-items by specifying the filter-item-number assigned to the item when it was added.

When the delete subcommand is used, any gap created in the number sequence is filled in. For example, if filter-items 1, 2, 3, and 4 exist and filter-item 3 is deleted, then filter-item 4 will be renumbered to 3.

Syntax:

delete: filter-item-number

List

Use the list subcommand to print out a listing of all the filter-item records. The following information about each MAC-Address filter-item is displayed:

MAC address and address mask in canonical or noncanonical form.
filter-item numbers
address type (source or destination)
filter-list action

Syntax:

list: canonical
: noncanonical
: mac-address canonical
: mac-address noncanonical
: window

canonical: Prints out a listing of all the filter-item records within a filter-list, giving the item numbers, the address type (SRC, DST), the MAC address in canonical form, and the address mask in canonical form. It also gives the filter-list action.
mac-address canonical: Prints out a listing of all the filter-item records within a filter-list, giving the item numbers, the address type (SRC, DST), the MAC address in canonical form, and the address mask in canonical form. In addition the filter-list action is given.
noncanonical: Prints out a listing of all the filter-item records within a filter-list, giving the item numbers, the address type (SRC, DST), the MAC address in noncanonical form, and the address mask in noncanonical form. It also gives the filter-list action.
mac-address noncanonical: Prints out a listing of all the filter-item records within a filter-list, giving the item numbers, the address type (SRC, DST), the MAC address in noncanonical form, and the address mask in noncanonical form. It also gives the filter-list action.
window: Prints out a listing of all the sliding window filter-item records within a filter-list, giving the item numbers, base, offset, data, and mask. It also gives the filter-list action.

Move

The move subcommand reorders filter-items within the filter-list. The filter-item whose number is specified by filter-item-name1 is moved and renumbered to be just before filter-item-name2.

Syntax:

move: filter-item-name1 filter-item-name2

Set-Action

The set-action subcommand lets you set a filter-item to evaluate the INCLUDE, EXCLUDE, or TAG (with a tag-number option) condition. If one of the filter-items of the filter-list matches the contents of the packet being considered for filtering, the filter-list will evaluate to the specified condition. The default setting is INCLUDE.

Syntax:

set-action: [INCLUDE or EXCLUDE or TAG] tag-number

Accessing the MAC Filtering Monitoring Prompt

Use the feature command from the GWCON process to access the MAC filtering monitoring commands. The feature command lets you access monitoring commands for specific router features outside of the protocol and network interface monitoring processes.

Enter a question mark after the feature command to obtain a listing of the features available for your software release. For example:

     + feature ?
     WRS
     BRS
     MCF

To access the MAC filtering monitoring prompt, enter the feature command followed by the feature number (3) or short name (MCF). For example:

     + feature mcf
     MAC Filtering user monitoring
     Filter>

Once you access the MAC filtering monitoring prompt, you can begin entering specific monitoring commands. To return to the GWCON prompt at any time, enter the exit command at the MAC Filtering monitoring prompt.

MAC Filtering Monitoring Commands

This section summarizes the MAC filtering monitoring commands. Enter these commands at the Filter> prompt.

Table 8. MAC Filtering Monitoring Command Summary

Command	Function
? (Help)	Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
Clear	Clears the "per filter" statistics listed in the list filter command.
Disable	Disables MAC Filtering globally or on a "per filter" basis.
Enable	Enables MAC Filtering globally or on a "per filter" basis.
List	Lists a summary of statistics and settings for each filter currently running in the router.
Reinit	Re-initializes the entire MAC Filtering system from an updated configuration, without affecting the rest of the router.
Exit	Returns you to the previous command level. See "Exiting a Lower Level Environment".

Use the following commands to monitor the MAC filtering feature.

Clear

Use the clear command to clear filter statistics.

Syntax:

clear: all
: filter filter-number

all: Clears the statistics listed by the list all command.
filter filter-number: Clears the statistics listed by the list filter command.

Disable

Use the disable command to disable MAC filtering globally. This command does not individually disable each filter.

The command also disables a filter as specified by filter-number. This filter is disabled without modifying configuration records. If no argument is given, MAC filtering is globally disabled.

Syntax:

disable: all
: filter filter-number

all: Disables MAC filtering globally. This command does not individually disable each filter.
filter filter-number: Disables the filter that is specified by the filter number. This filter is disabled without modifying configuration records. If no filter number is given, MAC filtering is globally disabled.

Enable

Use the enable command to enable MAC filtering globally. This command does not individually enable each filter.

The command also enables a filter as specified by filter-number. This filter is enabled without modifying configuration records. If no argument is given, MAC filtering is globally enabled.

Syntax:

enable: all
: filter filter-number

all: Enables MAC filtering globally. This command does not individually enable each filter.
filter filter-number: Enables the filter that is specified by the filter number. This filter is enabled without modifying configuration records. If no filter number is given, MAC filtering is globally enabled.

List

Use the list command to list a summary of statistics and settings for each filter currently running in the router. The following information is displayed for each filter when the list all command is used:

Default action
Cache size
Default tag
State (enabled/disabled)
Number of packets which have been filtered as INCLUDE, EXCLUDE or TAG.

In addition, the following information is also displayed by the list filter command for a specified filter:

All information displayed by the list all command
All the filter-lists currently running in this filter including:
- List name
- List action
- List tag
- Number of packets which have been filtered by each filter-list.

Syntax:

list: all
: filter filter-number

all: Lists statistics and settings for each filter currently running in the router.
filter filter-number: Generates statistics and settings for each filter plus all the filter-lists currently running in this filter.

Reinit

Use the reinit command to re-initialize the entire MAC Filtering system from an updated configuration, without affecting the rest of the router.

Syntax:

reinit

MAC Filtering Dynamic Reconfiguration Support

This section describes dynamic reconfiguration (DR) as it affects Talk 6 and Talk 5 commands.

CONFIG (Talk 6) Delete Interface

MAC Filtering supports the CONFIG (Talk 6) delete interface command with no restrictions.

GWCON (Talk 5) Activate Interface

MAC Filtering supports the GWCON (Talk 5) activate interface command with the following consideration:

If there are any MAC filters defined for the newly activated interface, then all MAC filters for every interface are reinitialized.

All MAC Filtering interface-specific commands are supported by the GWCON (Talk 5) activate interface command.

GWCON (Talk 5) Reset Interface

MAC Filtering supports the GWCON (Talk 5) reset interface command with the following consideration:

If there are any MAC filters defined for the newly reset interface, then all MAC filters for every interface are reinitialized.

All MAC Filtering interface-specific commands are supported by the GWCON (Talk 5) reset interface command.

GWCON (Talk 5) Component Reset Command

MAC Filtering supports the following MAC Filtering-specific GWCON (Talk 5) reset command:

GWCON, Feature MCF, Reinit Command

Description:: Dynamically reinitializes all configured MAC filters.
Network Effect:: None.
Limitations:: None.

All MAC Filtering commands are supported by the GWCON, feature mcf, reinit command.

CONFIG (Talk 6) Activate Command

MAC Filtering supports the following CONFIG (Talk 6) activate command:

CONFIG, Feature MCF, Reinit Command

Description:: Dynamically reinitializes all configured MAC filters.
Network Effect:: None.
Limitations:: None.

All MAC Filtering commands are supported by the CONFIG, feature mcf, reinit command.

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]