
Conference 7.286::fddi

Title: FDDI - The Next Generation
Moderator: NETCAD::STEFANI
Created: Thu Apr 27 1989
Last Modified: Thu Jun 05 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 2259
Total number of notes: 8590

1049.0. "per-port protocol filtering on decbridge620, how?" by MUNICH::SCHWEMMER () Wed Aug 04 1993 11:00

Some questions about DECbridge-620 (V3.1) and Protocol Filtering.

1) Is there a very close documentation about Filtering on Multiport-Bridges?
   I've read 'Bridge AM Use' of Polycenter Network Manager-Docu, but I still
   have some open questions.

2) A customer of ours wants to set up protocol filtering with the following
   goals:

   G1: On port 3 no other protocol should be forwarded except protocol xx-xx
       (in customer's case xx-xx=NOVELL, 
        but protocol type doesn't have any impact).

   G2: On port 4 no packet of protocol type xx-xx should be forwarded, but all
       the other protocol types.

   How do I have to specify this on a Multiport-Bridge?

   For goal 2 (G2) I can specify the following command:

   MCC> set bridge <name> protoc data ethernet entry xx-xx filter port = 4

   In my opinion, the bridge forwards all protocol types except on port 4
   type xx-xx. Is this right?

   But, what about goal G1:
   Like I've seen in the documentation, there's no possibility to set
   manual filter switch on per-port-basis.
   (normally, I would set manual filter switch to true and forward all
    packets of protocol type xx-xx, "other" protocol types would be set
    to filter).

   What possibilities do I have on Multiport Bridges?
   Is it necessary to specify a Forward/Filter Map and how?   

Could someone please give a hint, because I'm not very familiar with
doing protocol filtering on bridges.

Thanks in advance.

Regards,
Mathilde Schwemmer,
Digital Service Center Munich.
                                                      
    
    
T.R     Title     User     Personal Name     Date     Lines
1049.1  help with protocol  QUIVER::WALTER  Wed Aug 04 1993 12:43  60
>> 1) Is there a very close documentation about Filtering on Multiport-Bridges?
    
    The DECmcc Bridge AM use manual is about it. 
    
>> G1: On port 3 no other protocol should be forwarded except protocol xx-xx
    
    This is the hard one. What SHOULD work is the following:
    
    MCC> USE DEFAULT ENTITY BRIDGE bridge_id PROTOCOL DATABASE
    MCC> SET LINE 3 DEFAULT ETHERNET TYPE FILTERING = TRUE
    MCC> SET LINE 3 DEFAULT SAP FILTERING = TRUE
    MCC> SET LINE 3 DEFAULT SNAP FILTERING = TRUE
    MCC> CREATE ETHERNET ENTRY xx-xx FORWARD PORTS = (1,2,3,4)
    
    [I'm not sure of the syntax of the above commands, but you get the
    idea.]
    This almost works. I say almost because, as has been discussed
    elsewhere in this conference, setting the default filtering on a multiport
    bridge only filters INBOUND packets, not outbound. As a result, the above 
    sets will prevent other protocol types from entering port 3, but will allow
    other protocol types to enter some other port and be forwarded onto
    port 3. Sorry.
    
    An ugly alternative is to create entries for each of the protocols you 
    want to filter, of the form:
    
    MCC> CREATE ETHERNET ENTRY xx-xx FORWARD PORTS = (1,2,4)
    
    
>> G2: On port 4 no packet of protocol type xx-xx should be forwarded, but all
>>     the other protocol types.
>> MCC> set bridge <name> protoc data ethernet entry xx-xx filter port = 4
>>
>> In my opinion, the bridge forwards all protocol types except on port 4
>> type xx-xx. Is this right?
    
    
    This should work.
    
>> Like I've seen in the documentation, there's no possibility to set
>> manual filter switch on per-port-basis.
>> (normally, I would set manual filter switch to true and forward all
>>  packets of protocol type xx-xx, "other" protocol types would be set
>>  to filter).
    
    Manual mode is done on a per port basis. I think the command is:
    
    MCC> SET LINE x MANUAL MODE = TRUE
    
    However, manual mode is REAL ugly. You must specify in the forwarding 
    database every address that can be seen in a packet's destination AND
    source field. And protocol filtering applies as well. It's really
    manual.
    
    
    Hope this helps. 
    
    Dave
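
The inbound-only behaviour described in reply 1049.1, as an added example that is not part of the original thread and not DECbridge or DECmcc code. It is a simplified model: the forwarding rule for an entry's port list, the function names, and the protocol labels `aa-aa`, `bb-bb` and `cc-cc` are assumptions made for illustration.

```python
# Simplified model (an assumption, not DECbridge firmware logic) of the
# filtering behaviour described in reply 1049.1 for a 4-port bridge.
PORTS = (1, 2, 3, 4)
ALLOWED = "xx-xx"  # the one protocol the customer wants on port 3

def forwards(in_port, out_port, proto, entries, default_filter):
    """True if a frame of `proto` received on in_port is sent out out_port.

    entries:        {proto: set of ports the protocol may pass between}
    default_filter: set of lines with default filtering = TRUE
    """
    if in_port == out_port:
        return False
    if proto in entries:
        # Assumed semantics: both ends must be in the entry's port list.
        return in_port in entries[proto] and out_port in entries[proto]
    # No entry: default filtering is checked on the INBOUND line only.
    return in_port not in default_filter

def leaks_onto(port, protos, entries, default_filter):
    """Protocols other than ALLOWED that can still be sent out `port`."""
    return sorted({p for p in protos if p != ALLOWED
                   for src in PORTS
                   if forwards(src, port, p, entries, default_filter)})

# Constructed protocol labels standing in for real protocol types.
PROTOS = (ALLOWED, "aa-aa", "bb-bb")

# Config A: default filtering on line 3 plus a forward entry for xx-xx.
CONFIG_A = dict(entries={ALLOWED: {1, 2, 3, 4}}, default_filter={3})
# Config B: one entry per unwanted protocol, each excluding port 3.
CONFIG_B = dict(entries={"aa-aa": {1, 2, 4}, "bb-bb": {1, 2, 4}},
                default_filter=set())

if __name__ == "__main__":
    print("A leaks onto port 3:", leaks_onto(3, PROTOS, **CONFIG_A))
    print("B leaks onto port 3:", leaks_onto(3, PROTOS, **CONFIG_B))
    # A protocol nobody enumerated still reaches port 3 under config B.
    print("B, unlisted cc-cc:", leaks_onto(3, PROTOS + ("cc-cc",), **CONFIG_B))
```

In this model config B only isolates port 3 from the protocols that were given an entry, so any protocol type left off the list is still forwarded there.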
  
            
1049.2  the ugly alternative is the best one  MUNICH::SCHWEMMER  Mon Aug 09 1993 04:50  15
    Hello Dave,
    
    many thanks for your fast answer.
    
    I will tell the customer to create ethernet entries for every protocol
    he wants to filter ("ugly alternative").
    
    With kind regards,
    
    Mathilde.
    
    
    P.S:
    I have to correct the mentioned version of DECbridge620. Of course,
    it's V1.3 instead of V3.1.