Optimizing filter performance, Filter logs – Nortel Networks WEB OS 212777 User Manual

Web OS 10.0 Application Guide

Chapter 7: Filtering

212777-A, February 2002

3. Configure Filter 7 to deny traffic and then assign VLAN 70 to the filter.

As a result, ingress traffic from VLAN 70 is denied entry to the switch.

Optimizing Filter Performance

Filter efficiency can be increased by placing filters that are used most often near the beginning
of the filtering list.

It is a recommended practice to number filters in small increments (5, 10, 15, 20, etc.) to make
it easier to insert filters into the list at a later time. However, as the number of filters increases,
you can improve performance by minimizing the increment between filters. For example, filters
numbered 2, 4, 6, and 8 are more efficient than filters numbered 20, 40, 60, and 80. Peak
processing efficiency is achieved when filters are numbered sequentially beginning with 1.
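
The renumbering advice above can be planned offline before touching the switch; the following is an added example, not part of the Web OS manual. It numbers filters sequentially from 1 and moves a busier filter ahead of a quieter one only when that cannot change the verdict for any packet. Assumptions: filters are evaluated in ascending number order with the first match deciding the action, each filter is modeled only by destination network, protocol and action, and the Filt fields, hit counts and sample values are hypothetical.

```python
# Added example (not from the Web OS manual): compact renumbering plan for filters.
# Assumption: filters are evaluated in ascending number order and the first match wins.
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Filt:
    num: int        # current filter number
    dip: str        # destination network in CIDR form, "0.0.0.0/0" for any
    proto: str      # "tcp", "udp" or "any"
    action: str     # "allow" or "deny"
    hits: int       # constructed usage counter (hypothetical field)

def overlaps(a, b):
    """True when some packet could match both filters."""
    same_proto = "any" in (a.proto, b.proto) or a.proto == b.proto
    return same_proto and ip_network(a.dip).overlaps(ip_network(b.dip))

def may_swap(hot, cold):
    """A busier filter may pass a quieter one only if the verdict cannot change."""
    return hot.hits > cold.hits and (hot.action == cold.action or not overlaps(hot, cold))

def plan(filters):
    """Return {old number: new number}, numbered sequentially from 1."""
    order = []
    for f in sorted(filters, key=lambda x: x.num):
        pos = len(order)
        while pos > 0 and may_swap(f, order[pos - 1]):
            pos -= 1
        order.insert(pos, f)
    return {f.num: new for new, f in enumerate(order, start=1)}

# Constructed sample: numbers spaced by 20, as in the manual's less efficient case.
SAMPLE = [
    Filt(20, "205.177.15.0/24", "tcp", "deny", hits=10),
    Filt(40, "205.177.0.0/16", "tcp", "allow", hits=900),   # overlaps 20, other action
    Filt(60, "10.1.0.0/16", "udp", "allow", hits=5000),     # disjoint from 20 and 40
    Filt(80, "0.0.0.0/0", "any", "deny", hits=50),          # catch-all deny
]

if __name__ == "__main__":
    for old, new in sorted(plan(SAMPLE).items(), key=lambda kv: kv[1]):
        print(f"filter {old} -> {new}")
```

In the sample, filter 40 stays behind filter 20 despite its higher hit count, because promoting it would allow TCP traffic to 205.177.15.0/24 that filter 20 currently denies.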

Filter Logs

To provide enhanced troubleshooting and session inspection capability, packet source and
destination IP addresses are included in filter log messages. Filter log messages are generated
when a Layer 3/Layer 4 filter is triggered and has logging enabled. The messages are output to
the console port, system host log (syslog), and the Web-based interface message window.

Commands for step 3:

>> # /cfg/slb/filt 7                (Select the menu for Filter 7)
>> Filter 7# sip any                (From any source IP address)
>> Filter 7# dip 205.177.15.0       (To base local network dest. address)
>> Filter 7# dmask 255.255.255.0    (For entire subnet range)
>> Filter 7# proto tcp              (For TCP protocol traffic)
>> Filter 7# sport http             (From the HTTP source port)
>> Filter 7# dport any              (To any destination port)
>> Filter 7# action deny            (Deny matching traffic)
>> Filter 7# vlan 70                (Assign VLAN 70 to Filter 7)
>> Filter 7# ena                    (Enable the filter)