Protocol Filters
Both L2PT and protocol filtering allow you to tunnel or filter many protocols on an interface.
For this purpose,
ExtremeXOS supports creating protocol filters. A protocol
filter contains a number of protocols to which you can apply some action (like tunneling and
filtering). Each protocol in a protocol filter is defined using the following fields:
- The destination MAC address of PDUs of
the protocol. This field is mandatory for all protocols that are to be tunneled or
filtered.
- The protocol id (EtherType, LLC, SNAP).
This field is mandatory for all protocols that are to be tunneled.
- User defined field. This is an arbitrary
field in the PDU of the protocol that is specified using the offset of the field from the
start of the PDU, the value of the field and a mask.
For example, use the following command to create a protocol filter that
includes LACP and EFM
OAM:
# Create a protocol filter
create protocol filter my_slow_protocols_filter
# Add LACP to the protocol filter
configure protocol filter my_slow_protocols_filteradd dest-mac
01:80:C2:00:00:02 etype 0x8809 field offset 14 value 01 mask FF
# Add EFM OAM to the protocol filter
configure protocol filter my_slow_protocols_filteradd dest-mac
01:80:C2:00:00:02 etype 0x8809 field offset 14 value 03 mask FF
The
following validity checks are performed when a protocol is added to a protocol filter:
- Ensure that the protocol does not already exist in the protocol
filter.
- If the protocol filter is used by any L2PT profile:
- Ensure that the protocol defines a destination MAC address.
- Ensure that the protocol defines a protocol identifier.
- For every L2PT profile that is using the protocol filter:
- Ensure that the protocol is unique within the L2PT profile. If the
action for the protocol filter is ‘tunnel‘ in the L2PT profile:
- For every service interface using the L2PT profile: ensure that the
protocol is not filtered on the underlying port of the service interface.
- It ensures that the protocol is not tunneled on the underlying port
of the service interface.
- If the protocol filter is used by any port for the purpose of protocol
filtering (configure ports port# protocol filter
filter-name):
- Ensure that the protocol defines a destination MAC address.
- For every port that has the protocol filter attached for the purpose of
protocol filtering:
- Ensure that the protocol is not tunneled by a service on that
port.
Note
Protocol filters may be used with features other than L2PT and
protocol filtering (for example, Protocol Based VLANs). The validity tests listed above are only
the ones relevant to L2PT and protocol filtering.
Protocol filters for the following protocols are created automatically by
the switch when the switch is set to default configuration:
- Cisco Discovery Protocol (CDP)
- Unidirectional Link Detection (UDLD)
- VLAN Trunking Protocol (VTP)
- Port Aggregation Protocol (PAgP)
- Dynamic Trunking Protocol (DTP)
- Link Aggregation Control Protocol (LACP)
- LLDP
- STP
- EDP