Displaying Packet Filters 12-3
Displaying
Packet Filters
When displaying the contents of a single packet filter, you select the packet
filter using the filter id (which you can obtain by listing the packet filters
as described in the previous section). The packet filter instructions are
displayed; however, any comments in the original packet filter definition
file are not displayed because they are not saved with the packet filter.
To display the contents of a packet filter:
1 From the top level of the Administration Console, enter:
bridge packetFilter display
You are prompted for the number of the packet filter you want to display.
2 Enter the packet filter id number.
The contents of the packet filter are displayed. An example of the output
generated by this command is shown next. The packet filter id and name
are displayed, followed by a listing of the packet filter instructions.
Select packet filter to be displayed [1-n]: 2
Packet filter 2 - Type > 900 or Multicast
name “Type > 900 or Multicast”
pushLiteral.w 0x900
pushField.w 12
gt
reject
pushField.b 0
pushLiteral.b 0x01
and
not
Creating Packet
Filters
You create custom packet filters by writing a packet filter definition. Each
packet-processing path on a port may have a unique packet filter definition
or may share a definition with other ports. Packet filter definitions are
written in the packet filter language. This language allows you to construct
complex logical expressions.
After writing a packet filter definition, you load it into a Switch 2200 and the
corresponding port assignments are preserved in the nonvolatile memory
(NVRAM) of the system. This ensures that the packet filter configuration for
each system is saved across system reboots and power failures.
Top-Level Menu
system
ethernet
fddi
➧bridge
ip
snmp
analyzer
script
logout
display
ipFragmentation
ipxSnapTranslation
addressThreshold
agingTime
stpState
stpPriority
stpMaxAge
stpHelloTime
stpForwardDelay
stpGroupAddress
port
➧packetFilter
list
➧display
create
delete
edit
load
assign
unassign
addressGroup
portGroup