Black Box LRA005A-R2 User Manual
Page 192
ASYNC ROUTER AR-P, AR-5, AND SYNC ROUTER REFERENCE MANUAL
192
• SAP (sapfilter command)
Packets are checked for filter matches using those three lists in the order: general list, RIP list, SAP list.
The Router software can be configured to specify:
• an include list (packets to forward)
• an exclude list (packets not to forward)
The filter list entries can specify
• IPX source and destination addresses
• IPX packet types
• direction
• Router interface
• RIP and SAP parameters
Use the filter command to configure and modify IPX packet filters. If enabled, all incoming and
outgoing IPX packets can be filtered using IPX filters. Filtering must first be enabled for the list entries
to take effect.
Filtering restrictions apply to packets destined for the Router and those routed through the Router.
The result of passing a packet to the Filtering Module is a decision to allow or deny further processing of
the packet. The next hop is not considered.
The filtering is based on a prioritized list of filter expressions. Filter expressions are added to the
Router through use of the filter, ripfilter and sapfilter commands. The action specified in the first filter
expression found in the filter list that matches the packet in question is applied.
All IPX filtering is disabled by default. Filtering takes effect when the enable command for a filter list
(General, RIP or SAP) is entered by the user. Filter list entries stay in place across reboots only if the
config save command is entered before restarting.
There is no notion of filter modes. The filter list can be a mix of allowed and denied
address/protocol/port/interface/flag/direction specifications.
The default action if no match is found is to allow the packet. You can override this by specifying a
filter expression with wildcard address entries as the lowest-priority filter expression.
Subcommands and parameters
filter add name
The filter add subcommand adds an IPX packet filter of name name.
name—A 1 to 6 character ASCII identifier chosen by the user to easily reference filter expressions. Each
filter expression must have a unique name. This name is generally used so that the position of an
entry in the list can be changed. Names beginning with a dollar sign (“$”) are reserved for use by the
system.
[[+]-i iface [/frame_type]]—Specify a legal interface
iface—eth0, modem0-4, sync0
frame_type—Specified as part of the interface, and can be either 802.3, 802.2, SNAP or II (for
Ethernet Type 2). Use a slash to separate the iface from the frame_type, for example, eth0/802.2. If left