Filters
The Filters tab displays details of all the filters available on the NDB controller. The tab provides information about the filtering criteria (used in a connection) for the incoming traffic.
The default filters include the following protocols for packet filtering:
- Default-match-all
- Default-match-IP
- Default-match-ARP
- Default-match-MPLS (unicast and multicast)
- Default-match-ICMP
- Default-match-ICMP-All
A table is displayed with the following details:
Column Name | Description |
---|---|
In Use | A green tick mark indicates that the filter is in use, in a connection. |
Filter | The filter name. Click Filter. A new pane is displayed on the right which has more information about the filter. The following additional actions can be performed from here: |
Bidirectional | If a filter is bidirectional, a Yes is displayed; else a No is displayed. If a filter is marked bidirectional, incoming and outgoing traffic is filtered at the same port. |
Ethertype | Layer 2 ethertype of the filter. |
Protocol | Layer 3 protocol used by the filter. |
Advanced Filter(s) | The advanced filters associated with the filter. |
Created By | The user who created the filter. |
Last Modified By | The user who last modified the filter. |
The following actions can be performed from the Filters tab:
- Add Filter—Use this to add a new filter. See Adding a Filter for details about this task.
- Delete Filter—Select the filter(s) to be deleted by checking the check box which is available at the beginning of the row and then click Actions > Delete Filter(s). The selected filter(s) is deleted. If you choose the delete action without selecting a check box, an error is displayed. You will be prompted to select a filter.
Adding a Filter
Use this procedure to add a filter. The incoming traffic is matched based on the parameters defined in a filter.
Procedure
Step 1 | Navigate to Components > Filters. |
Step 2 | From the Actions drop down menu, select Add Filter. |
Step 3 | In the Add Filter dialog box, enter the following details: |
Step 4 | Click Add Filter to add the filter. |
Editing or Cloning a Filter
Use this procedure to edit or clone a filter.
Editing a filter means changing the parameters of an existing filter.
Cloning a filter means creating a new filter with the same parameters as an existing filter and making the required changes to the filter parameters. Be sure to change the name of the filter before saving it.
Note | Default filters cannot be edited. |
Before you begin
Add one or more filters.
Procedure
Step 1 | Navigate to Components > Filters. |
Step 2 | In the displayed table, click a Filter. A new pane is displayed on the right. |
Step 3 | Click Actions and select Clone Filter. |
Step 4 | In the Clone Filter or Edit Filter dialog box, the current filter information is displayed. Modify these fields, as required: |
Step 5 | Click Edit Filter or Clone Filter. |
Advanced Filters
Advanced filtering provides multiple options to filter (permit or deny) the traffic based on Ethernet type and attributes such as Acknowledgment, FIN, Fragments, PSH, RST, SYN, DSCP, Precedence, TTL, packet-length, and NVE. Advanced filtering is available for the following Ethernet types and options:
Data Type | Supported Options |
---|---|
IPv4 | DSCP, Fragment, Precedence, and TTL |
IPv4 with TCP | Acknowledgment, DSCP, Fragment, FIN, Precedence, PSH, RST, SYN, and TTL |
IPv4 with UDP | DSCP, Fragment, Precedence, and TTL |
IPv6 | DSCP and Fragment |
IPv6 with TCP | Acknowledgment, DSCP, Fragment, FIN, PSH, RST, and SYN |
IPv6 with UDP | DSCP and Fragment |
Note | Advanced Filtering is available only for NX-API on Cisco Nexus 9000 platform. |
The Time to Live (TTL) attributes range from 0 to 255. For Nexus 9200 devices, the maximum value of TTL that can be set is 3. For the rest of the Nexus 9000 series devices, the maximum TTL value is 3 for NX-OS version 7.0(3)I6(1) and above. For NX-OS versions 7.0(3)I4(1) and below, you can configure any value within the range.
Limitations for using Advanced Filtering
While configuring Advanced Filters, you cannot:
- Configure DSCP and precedence together.
- Configure fragments and ACK or SYN or FIN or PSH or RST together.
- Configure fragments and port numbers with UDP and IPv4 or IPv6 combination.
- Configure precedence and HTTP methods with IPv4 and TCP combination.
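The supported-options table and the limitations above can be checked before a filter is entered in the Add Filter dialog. The following is an added example, not Cisco or NDB code: the dictionary layout, the field names (`ethertype`, `protocol`, `options`, `ports`, `http_methods`) and the `validate` function are assumptions made for illustration, and `ttl_max` is supplied by the caller according to the platform and NX-OS release rules stated above.

```python
# Added example: pre-flight check of an advanced filter definition against this page's rules.
# The dict layout and all names here are assumptions of this example, not an NDB API.
COMMON_V4 = {"dscp", "fragment", "precedence", "ttl"}
COMMON_V6 = {"dscp", "fragment"}
TCP_FLAGS = {"ack", "fin", "psh", "rst", "syn"}
SUPPORTED = {
    ("ipv4", None): COMMON_V4,
    ("ipv4", "tcp"): COMMON_V4 | TCP_FLAGS,
    ("ipv4", "udp"): COMMON_V4,
    ("ipv6", None): COMMON_V6,
    ("ipv6", "tcp"): COMMON_V6 | TCP_FLAGS,
    ("ipv6", "udp"): COMMON_V6,
}

def validate(flt, ttl_max=255):
    """Return a list of rule violations; an empty list means the definition passes.
    Pass ttl_max=3 for the devices and releases this page lists with that cap."""
    errors = []
    key = (flt["ethertype"], flt.get("protocol"))
    opts = set(flt.get("options", {}))
    if key not in SUPPORTED:
        return [f"no advanced filtering for {key}"]
    for name in sorted(opts - SUPPORTED[key]):
        errors.append(f"{name} not supported for {key}")
    if {"dscp", "precedence"} <= opts:
        errors.append("DSCP and precedence cannot be combined")
    if "fragment" in opts and opts & TCP_FLAGS:
        errors.append("fragment cannot be combined with TCP flags")
    if "fragment" in opts and key[1] == "udp" and flt.get("ports"):
        errors.append("fragment cannot be combined with port numbers on UDP")
    if "precedence" in opts and key == ("ipv4", "tcp") and flt.get("http_methods"):
        errors.append("precedence cannot be combined with HTTP methods")
    ttl = flt.get("options", {}).get("ttl")
    if ttl is not None and not 0 <= ttl <= ttl_max:
        errors.append(f"TTL {ttl} outside 0..{ttl_max}")
    return errors

# Constructed sample definitions.
GOOD = {"ethertype": "ipv4", "protocol": "tcp", "options": {"syn": True, "dscp": 10}}
BAD = {"ethertype": "ipv6", "protocol": "udp", "ports": [53],
       "options": {"fragment": True, "ttl": 64}}

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(validate(sample) or "ok")
```
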