[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference npss::gigaswitch

Title:	GIGAswitch
Notice:	GIGAswitch/FDDI Jan 97 BL3.1 914.0 documentation 412.1ion 412.1
Moderator:	NPSS::MDLYONS

Created:	Wed Jul 29 1992
Last Modified:	Fri Jun 06 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	995
Total number of notes:	4519

961.0. "Confused on filtering...." by CSC32::OLMAIN::Goodwin (Brad Goodwin - NSIS) Fri Mar 28 1997 11:37

Filtering has got me a bit confused. I'm a bit confused on how to set up a 
port and filter matrix to filter a multicast from going out a single port and 
the multicast can from any input port, including the port that I don't want 
the multicast to go out. 

In other words, customer client system doesn't want to receive the multicast, 
from other ports, and wants to filter it, but the client must be able to send 
the multicast. 

Can anyone give me an example filter to use. I will be using MCM 6.0a to set 
up the filter.

Thanks,
Brad

T.R	Title	User	Personal Name	Date	Lines
961.1		NPSS::MDLYONS	Michael D. Lyons DTN 226-6943	`Fri Mar 28 1997 12:52`	9
	Giving an example is difficult, since you specified using the GUI interface... It's the same as all the examples in the book. When specifying the filter matrix, you specify the output ports for which the associated filters apply. If you don't want a specific DA going to a specific port, then create a filter matrix leaving that port out, and associate a DA filter with that filter matrix. MDL
961.2		NPSS::MDLYONS	Michael D. Lyons DTN 226-6943	`Fri Mar 28 1997 12:59`	6
	P.S. Although your specific example is unclear to me (it's unclear as to which ports are to be allowed to send the multicasts), it's trivial to do this with MCM. MCM displays a filter matrix of all ones by default, with input ports on one axis and output ports on the other. You just blank out the output ports for whichever input ports you care about.
961.3		CSC32::cxoras44.cxo.dec.com::Goodwin	Brad Goodwin - NSIS	`Tue Apr 01 1997 13:04`	20
	MDL, Yesterday, I tried setting up filtering using MCM 6.0a and it failed. As a matter of fact, MCM seemed to just hang with the hour glass and never come back. I had to stop the MCM task and restart it. What I was doing was trying to do is filter all broadcast messages from going out port 3.2. But I still want broadcast messages to input the GS from 3.2. Now that I think about it, I might have set the filter up wrong (Yesterday was a very bad day). Anyway, what I had done was click on the 3.2 input port and go across horizontaly for all ports except for 3.2 in the port matrix. I set up the mac address as ff-ff-ff-ff-ff-ff and always filter. I think I should have set up output 3.2 and gone down vertically. Also, I was trying to figure out how to turn off dynamic learning on a port and set up static addresses on that port. Any quick hints on that? I wasn't successful. Thanks, Brad
961.4		NPSS::MDLYONS	Michael D. Lyons DTN 226-6943	`Tue Apr 01 1997 14:14`	21
	GIGAswitch/FDDI filter matrices are defined in terms of outbound ports. This is not an option. This is the way they are defined. For each input port, you define the set of output ports to which that input port can send frames. I am currently at home, without access to the MCM GUI to see what you are describing. Note that it is entirely possible to set up filters which prevent the GIGAswitch/FDDI system from communicating with the management station. When setting up filters, take care not to cut off the management station, unless that is your intention. "Manual mode" is documented in the GIGAswitch/FDDI System Manager's Guide, page 4-16. The MIB object(s) are ebrNportManualFilter or ebrNportFppnManualFilter. I don't know anyone who has used them. In case this isn't obvious, MCM implements a fraction of the GIGAswitch/FDDI System features. MDL
961.5		CSC32::bngpc.cxo.dec.com::goodwin	Brad Goodwn - NSIS	`Tue Apr 01 1997 18:29`	16
	am I having fun yet.... Michael, OK, I've read the "Manual Mode" section in the GS manual. Not to informative. I've also looked at the MIB definitions from the SNMP guide and it doesn't make much since to me, I'm not a real good snmp person. Anyway. Can you give me an example command(s), to be used on the GS console, to lock down an address on the GS port. Ie, I want to make it so only a devices with mac address 08-00-2b-12-34-56 and 08-00-2b-65-43-21 can only be used on port 3.2 of the GS. My customer is a large DOE site, and they want to implement mac level security on a per port basic, so no other device can connect to that port and operate. Thanks for any help, Brad
961.6		NPSS::MDLYONS	Michael D. Lyons DTN 226-6943	`Tue Apr 01 1997 21:00`	50
	....in this example, I set 08-00-2b-12-34-56 to be locked down on port 6, which is fppn 3.2 - I forgot you wanted to specify fppns - it's essentially the same, just a different MIB object, and a slightly different syntax. I didn't bother with the second MAC address, since it is the same sequence of events. If you are confused by the index I use, consult note 270, which explains how to specify MAC address indices in OBM. It is easier to do with a management station. MDL Get/Set Object ID (or object.instance): ebrNportFppnManualFilter.0 Object ID: ebrNportFppnManualFilter.0 Value: () Hex: 28 29 Enter an octet string (use "" for ascii and 0x for hex), or a decimal dotted string: "(3.2)" Successful set Object ID (or object.instance): ebrNportPortNumAddress.8.0.43.18.52.86 This object currently has no value assigned. Enter an octet string (use "" for ascii and 0x for hex), or a decimal dotted string: 0x08002b123456 Successful set Object ID (or object.instance): ebrNportPortNum.8.0.43.18.52.86 This object currently has no value assigned. Enter the object's integer value : 6 Successful set Object ID (or object.instance):
961.7		CSC32::cxoras5.cxo.dec.com::Goodwin	Brad Goodwin - NSIS	`Wed Apr 02 1997 00:16`	11
	Michael, I'll work with the customer on this. We would use their NMS but we were unable to get the mibs to load. We got a lot of errors when compiling them. They are using UB Netdirector, a real piece of work! I was looking around the net for some type of snmp manager to put in my laptop, but haven't found anything yet. Any suggestions for one? Thanks, Brad
961.8		NPSS::MDLYONS	Michael D. Lyons DTN 226-6943	`Wed Apr 02 1997 13:03`	4
	Most Digital people use MCM accompanied by ManageWORKS (or whatever the correct caps are) or Polycenter NetView. MDL
961.9		KAONIS::HYNDMAN	Sled Head	`Wed Apr 02 1997 13:07`	6
	Brad, I think manageworks is now server works. Scott
961.10		CSC32::bngpc.cxo.dec.com::goodwin	Brad Goodwn - NSIS	`Thu Apr 03 1997 16:19`	10
	Michael, Have you had a chance to look at the port matrix gui to see if I specified the correct port matrix for the filter I want to set up. What I'm trying to acomplish with the filter is to not allow broadcast messages to output on port 6 or fppn 3.2. Every time I try it, MCM hangs and loses connection to the agent, then it will come back and the filter will not be there. Thanks, Brad
961.11		NETCAD::DRAGON		`Thu Apr 03 1997 16:37`	9
	Hi Brad, This might be obvious, but make sure that your using the read-write community string. If a SET is performed on a filter matrix and the read-only community string is used MCM appears to hang for a long while. Bob
961.12	Do I feel stupid.....	CSC32::cxoras44.cxo.dec.com::Goodwin	Brad Goodwin - NSIS	`Thu Apr 03 1997 19:09`	6
	Ok, you can slap me up side the head. I thought I was using the correct community string, but guess what, I transposed a byte in the hardware address. Sorry to have bothered you with this, I think I have it all right now. Brad