6.6 Applying Filters

If the bridge is connected to an infrastructure with a large amount of multiprotocol traffic, the network administrator may be able to reduce the amount of radio traffic by blocking out (filtering) those addresses or protocols that are not needed. Such filtering is especially important for battery-operated radio nodes, which might otherwise have to waste battery power receiving irrelevant multicast messages that will only be discarded.

To achieve consistent performance throughout the infrastructure, especially as clients roam, any filters set for one bridge should be duplicated on all bridges.

The network administrator can choose the direction of travel in which packets are subject to the filters. For example, filters might be applied only to packets from the LAN, while packets from the radio are not filtered. This option reduces the amount of LAN traffic to the radio network. Alternatively, packets in both directions can be filtered. This option allows control of the type of traffic the radio nodes may use.

Filtering multicast addresses. Using the bridge’s configuration utility, the network administrator can control the filtering of multicasts based on whether or not multicast addresses appear as entries in the bridge’s table. The following options are available:

  • Discard: This option prevents multicasts with no table entries from being forwarded out to the radio network.

  • Forward: This option allows multicasts with no table entries to be forwarded out to the radio network.

  • Access point: This option allows multicasts with no table entry to be forwarded only to other access points and bridges, but not to the clients.

  • Nonpower saving protocol: This option allows multicasts with no table entries to be forwarded out to the radio network to nonpower saving end nodes, but not to any nodes using the Power Saving Protocol (PSP).

If there are special multicast addresses the network administrator wants to filter differently than the defaults previously described, there is the option to add or remove a multicast filter. And if the network administrator knows that the radio nodes are not going to communicate with each other but will only communicate with nodes on the wired LAN, multicasts received from the radio nodes can be set so they are not rebroadcast to the radio cell but are forwarded only to the wired LAN. For example, if there is a large number of radio clients that only talk to the network server, enabling multicast filtering will result in much less radio traffic congestion.

Filtering by node addresses. The forwarding of packets can be controlled based on the source node addresses. As with multicast filtering, there is a default action for those addresses not in the table. The network administrator can enter actions for specific addresses to override the default action. Specific node filters can be entered as either the 6-byte infrastructure address of the node or by its IP address. If the latter method is used, the bridge will determine the infrastructure address associated with the IP address and use this for the actual filtering.

Packets may be filtered based on the source address in the received packet. For example, if the network administrator wants to prevent all but a limited number of clients from communicating with nodes on the radio network, the default action would be set to discard, and entries with the action “forward” would then be added for the specific clients.

The bridge is always performing filtering based on the destination MAC address of the packets it receives. The bridge will learn where a node is based on the source address of received packets and then can make a decision as to whether to forward a packet based on its knowledge of the location of the node.

There are default actions that can be set when doing destination address filtering. The Ethernet-destination value specifies the default action for packets received on the Ethernet. The radio-destination action specifies the default action for packets received on the radio interface. The allowed values for each are discard or forward.

Bridges usually come with source address filtering turned off by default. This saves processing power, since the unit has to look up the source address of each incoming packet to see if a filter is to be applied. Once a decision is made by the network administrator on which filters to apply, individual source filters can be made active with the forward or discard setting.

The network administrator can add filters for specific addresses to the filter table by entering either the infrastructure address or IP address of the node to which the filter applies. The network administrator specifies whether this is a source address, radio destination address, or Ethernet destination address filter. Then the filter action is applied to this address—forward, discard, or remove the filter. When a node address filter is entered by IP address, the bridge first determines the infrastructure address associated with this IP address. The actual filtering is done based on the infrastructure address. One or all specific node filters can be removed by specifying a single node’s infrastructure address or a single node’s IP address, or by entering an “all” parameter.

Filtering by protocol. Traffic can be filtered based on the type of protocol used to encapsulate the data in the packet. This type of filtering can have the most value in almost all situations and is the preferred method of filtering. With this type of filtering, the bridge can be set to forward only those protocols that are being used by the remote radio nodes. This is easier than setting up filters based on infrastructure and IP addresses.

The bridge can be set up to monitor and record the list of protocols currently being forwarded, how many packets were encountered, and whether the packet came from the LAN or the radio. To set up the protocol filters, the network administrator starts the monitor and lets it run. Filters are added by selecting the protocols from the monitor list.

A default action can be assigned for those protocols not in the list of explicitly filtered protocols. If the network administrator knows exactly what protocols are used by the radio nodes, the default action can be set to discard, and filters added to forward only those protocols that will be used. If all the protocols that will be used by the radio nodes are not known, but the network administrator knows there are certain protocols that will not be used, the default action can be set to forward, and filters added to discard only those protocols that will not be used.

Once a filter has been added for the IP protocol, the network administrator can also filter packets based on their UDP or TCP port number, their IP subprotocol (i.e., UDP/TCP/ICMP), or on an IP address range.
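The monitor-then-filter procedure described above, modeled in Python as an added example that is not from the book or from any bridge's software. The class and function names, the constructed sample frames, and the rule of forwarding only the protocols seen on the radio side are assumptions of this sketch.

```python
import struct
from collections import Counter

NAMES = {0x0800: "IPv4", 0x0806: "ARP", 0x8137: "IPX", 0x809B: "AppleTalk"}

def ethertype(frame: bytes) -> int:
    """EtherType of an Ethernet II frame; 0 stands for 802.3/LLC framing."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    value = struct.unpack("!H", frame[12:14])[0]
    return value if value >= 0x0600 else 0   # below 0x0600 it is a length field

class ProtocolFilter:
    def __init__(self, default="forward", filter_radio=False):
        self.default = default            # action for protocols with no entry
        self.filter_radio = filter_radio  # False: only packets from the LAN are filtered
        self.table = {}                   # EtherType -> "forward" or "discard"
        self.monitor = Counter()          # (EtherType, interface) -> packets seen

    def decide(self, frame: bytes, received_on: str) -> str:
        proto = ethertype(frame)
        self.monitor[(proto, received_on)] += 1
        if received_on == "radio" and not self.filter_radio:
            return "forward"
        return self.table.get(proto, self.default)

def make_frame(proto: int) -> bytes:
    """Constructed sample frame: broadcast destination, made-up source, zero payload."""
    return b"\xff" * 6 + bytes.fromhex("020000000001") + struct.pack("!H", proto) + bytes(46)

def demo() -> dict:
    bridge = ProtocolFilter(default="forward")
    # Step 1: run the monitor over constructed traffic with no filters set.
    seen = [(0x0800, "lan"), (0x8137, "lan"), (0x8137, "lan"),
            (0x0806, "radio"), (0x809B, "lan"), (0x0800, "radio")]
    for proto, side in seen:
        bridge.decide(make_frame(proto), side)
    # Step 2: forward what the radio nodes were seen using, discard the rest.
    # (Choosing by radio-side sightings is this example's assumption.)
    bridge.table = {p: "forward" for p, side in bridge.monitor if side == "radio"}
    bridge.default = "discard"
    return {NAMES[p]: bridge.decide(make_frame(p), "lan") for p in sorted(NAMES)}

if __name__ == "__main__":
    print(demo())
```

With the default set to discard, IPX and AppleTalk frames arriving from the LAN are no longer sent to the radio, while frames received on the radio are still forwarded unless `filter_radio` is enabled.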



LANs to WANs: The Complete Management Guide
ISBN: 1580535720
EAN: 2147483647
Year: 2003
Pages: 184
