3 filtering cisco proprietary protocols, 4 setting port filters, Filtering cisco proprietary protocols – CANOGA PERKINS 9145E NID Software Version 3.1 User Manual
Page 85: Setting port filters
9145E NID Software User’s Manual
Port Information
Port Configuration
70
If the 9145E receives a frame with a MAC Destination Address of 01-80-C2-00-00-02, an
Ethertype field of 0x8809, and a Subtype field of 0x01, it will filter the frame. All three fields must
match those values.
5.2.4.3 Filtering Cisco Proprietary Protocols
In addition to handling L2CP service frames, the 9145E has the capability to filter the Cisco
proprietary protocols listed in the table below.
Table 5-2. L2CP Service Frame Protocol Identification Fields
These filters are on both the Port Filters and the More Port Filters screens. The NID checks the
same fields to identify these frames as it does for other L2CP service frames. See “How the
9145E Handles L2CP Service Frames with Port Filters” on page 68.
5.2.4.4 Setting Port Filters
In addition to L2CP and Cisco proprietary protocols, the 9145E enables you to filter other types of
packets in order to increase device security. For example:
•
Manager MAC filter – In order to prevent spoofing, this filter allows you to discard ingress
frames from the user with a source address similar to the NID Manager MAC address.
•
Test Network Filter – Allows you to filter any ingress packets from the user port that have
the destination IP address in the same network as your Test IP.
•
Management VLAN filter – Allows you to filter any frames that have the NID management
VLAN and that are not destined for the CPU.
You configure port filters at the Port Filters screen (Figure 5-11).
Layer 2 Control Protocol
MAC Dest. Address
Ethertype/Sub-type
CDP
01-00-0C-CC-CC-CC
0x2000
VTP
01-00-0C-CC-CC-CC
0x2003
PagP
01-00-0C-CC-CC-CC
0x0104
UDLD
01-00-0C-CC-CC-CC
0x0111
PVST+
01-00-0C-CC-CC-CC
0x010B
How to access this screen
To access the Port Filters screen, at the main menu enter:
3)
Port Information → 2) Port Configuration → 4) Port Filters