Page 11 | AlliedWare™ OS How To Note: Hardware Filters
How many filters can you create?
Okay length
For example, this set of filters would work:
source MAC address
source UDP port
destination IP a destination TCP port
The total number of bytes for the switch to check in a packet would be:
source MAC a IP protocol type + source TCP/UDP port +
destination IP a destination TCP/UDP port =
6 +
1
+ 2 + 4 + 2 =
1
5 bytes
Too long
But this set of filters would not work:
source MAC address
destination MAC address
destination IP a destination TCP port
The total number of bytes for the switch to check in a packet would be:
source MAC a destination MAC a IP protocol type +
destination IP a destination TCP/UDP port =
6 + 6 +
1
+ 4 + 2 =
1
9 bytes
Some protocols also use filters, so use some of the length
The following protocols use filters, and therefore use up some of the available profile length
and filter entries:
EPSR
EPSR matches on VLAN ID, which uses 2 bytes. EPSR is disabled by default.
IGMP
snooping
IGMP snooping matches on the IP protocol type field (to identify IGMP packets and send
them to the CPU). This uses
1
byte. IGMP snooping is enabled by default.
DHCP
snooping
DHCP snooping matches on the IP protocol type field (
1
byte) and the source and
destination UDP ports (2 bytes each). Therefore, it uses 5 bytes in total. DHCP snooping is
disabled by default.
MLD
snooping
MLD snooping matches on the IPv6 router alert option and its value (2 bytes). MLD snooping
is enabled by default. If you are not using IPv6, you can turn off MLD snooping with the
command
disable mldsnooping
.
