4 port filters, 1 l2cp service frame processing options in men, Port filters – CANOGA PERKINS 9145E NID Software Version 4.10 User Manual

9145E NID Software User’s Manual

Port Information

Port Configuration

142

5.2.4 Port Filters

Port Filters enables you to discard predefined service frames ingress from the users or network
such as Layer 2 Control Protocols (L2CP), Manager MAC address, Test IP Network, and
Management VLAN, as well as some Cisco proprietary protocols such as UDLD, PVST+ and so
on. When a filter is enabled on a specific service frame, the packet is discarded and not
forwarded to the CPU or the other port.

Port filters can also be set from the configuration file.

Here is some general information about port filters:

•

SNMP - You can manage Port Filters with SNMP using the CpPortFilterConfigEntry MIB

table.

•

Statistics - Each time the 9145E filters a frame, the Filtered Frame count on the Layer 2

Frame Type Statistics screen is incremented. See “Layer 2 Statistics” on page 151.

•

System Log and syslog - All filter events are logged in the system log and syslog. See

“System Log” on page 158 and “SYSLOG Client Configuration” on page 38.

•

.cap file - The default setting in the .cap file will be “Operator.” If you logged in with an

access level lower than what is in the .cap file, you will not be able to modify filters. To
change the access level, see section 1.4 Feature Access Level Configuration. For more
information about the .cap file, see “Three Levels of Security” on page 30.

•

VLAN rules - All frames that are not filtered and are not sent to the CPU will be subject to

the VLAN rules as regular service frames.

5.2.4.1 L2CP Service Frame Processing Options in MEN

The MEF 10.2 specification in Section 7.13 UNI Layer 2 Control Protocol Processing Service
Attribute lists all processing options in a Metro Ethernet Network (MEN):

•

Discard The MEN discards all ingress service frames carrying the L2CP and does not

generate any egress service frames carrying the L2CP. When this alternative is in effect,
an EVC cannot process the Layer 2 Control Protocol.

•

Peer The MEN acts as a peer of the CE (Customer Equipment) in the operation of the

Layer 2 Control Protocol. From the CE point of view, the MEN is a single device running
the Layer 2 Control Protocol.

•

Pass to EVC The disposition of the Layer 2 Control Protocol is determined by the L2CP

attribute of the EVC, which is either tunneled or discarded. The EVC associated with
L2CP is determined by the CE-VLAN ID of the Service Frame and CE-VLAN ID/EVC
Map.

NOTE: If you want L2CP service frames to be tunneled, you must configure all UNIs in the EVC
to pass the L2CP to the EVC.

•

Tunnel This is an option of Pass to EVC in which the MEN carries the L2CP across the

service provider network without being processed and delivers it to the appropriate UNI or
UNIs. You may want to use tunneling if you attach bridges to all UNIs and therefore BPDU
(Bridge Protocol Data Units) need to be carried across the network. When using tunnel-