Port Filters
Flow Mapping® provides the ability to apply filters to egress ports (tool, hybrid, circuit, and inline network), passing or dropping traffic after it has been forwarded from a network port.
Port-filters provide a convenient way to narrow down the traffic seen by egress ports without having to change an entire map. However, they are less efficient and scalable than flow maps – focus on using flow maps as your first packet distribution technique.
Port Filter—Rules and Notes
Keep in mind the following notes when managing port-filters:
|
•
|
The filter is only supported for egress ports (tool, hybrid, circuit, and inline network) – network ports use maps to direct traffic. |
|
•
|
You can only configure egress port filters on a single port at a time. The filter argument is blocked when used the with multiple tool ports or port groups. |
|
•
|
In cases of inline network LAG and inline network groups, the port filters must be applied on each of the inline network ports that are part of the inline network LAG or inline network group. |
|
•
|
Port filters for inline network ports are not supported on GigaVUE TA Series devices as these devices do not have inline network ports. |
|
•
|
Egress port filters are supported on GigaVUE-TA25, except that a) VLAN rules are not supported with port filters and b) either IPv4 or IPv6 type port filter rules are supported only if L2 circuit encapsulation tunnels or GS maps are used else both IPv4 and IPv6 rules are supported. |
Port-Filter Maximums
Table 1: Port-Filter Maximums per GigaVUE Node provides the maximum port-filters for the different GigaVUE nodes:
Table 1: Port-Filter Maximums per GigaVUE Node
GigaVUE Node
|
Maximum Number of Port-Filters
|
GigaVUE‑HC1
|
400 per chassis
|
GigaVUE-HC2 (CCv1)
|
100 per chassis
|
GigaVUE-HC2 (CCv2)
|
400 per chassis
|
GigaVUE-HC3 (CCv1 and CCv2)
|
100 per module
|
GigaVUE-TA10
|
|
•
|
100 with Advanced Features License |
|
GigaVUE-TA25
|
|
•
|
100 with Advanced Features License |
|
GigaVUE-TA40
|
|
•
|
100 with Advanced Features License |
|
GigaVUE-TA100
|
|
•
|
100 per pseudo-slot with Advanced Features License |
|
GigaVUE-TA100-CXP
|
|
•
|
100 with Advanced Features License |
|
GigaVUE-TA200
|
|
•
|
100 per pseudo-slot with Advanced Features License |
|
Note: A single filter applied to multiple tool ports counts multiple times against the 100-filter limit.
How to Apply Port Filters
To apply a port filter, do the following:
|
1.
|
From the device view, go to Ports > Ports > All Ports. |
|
2.
|
Select the egress port (tool, hybrid, circuit, and inline network) to which you want to apply a filter, and then click Edit. |
|
3.
|
Under the Filters section on the Ports page, click Add Rule. |
|
4.
|
Select and configure the required rule. Add a new port-filter using the specified criteria as follows: |
|
•
|
Use a drop rule to deny packets matching the specified criteria. |
|
•
|
Use a pass rule to allow packets matching the specified criteria. All other packets are denied. |
View Port Filter Statistics
You can view the port filter counters based on the filter rules configured for the port. To view the port filter statistics:
|
1.
|
From the device view, go to Ports > Ports > All Ports. |
|
2.
|
Click the port ID for which you want to view the filter counters. The Port ID quick view appears. Refer to the following figure: |
View Filter Resources for a Slot
You can view the maximum filter resources available and the filter resources used for a slot in the Slot ID quick view. To access the Slot ID quick view:
|
1.
|
From the device view, go to Chassis. The Box ID page appears. |
|
2.
|
Click the required slot ID. The Slot ID quick view appears. |
|
3.
|
Go to the Filter Resource section to view the filter resources limit and the filter resources used. Refer to the following figure: |