Filter Example

A filter for blocking a specific MAC address


This configuration example shows you how to use a Generic Filter to block a specific MAC address of the LAN.

Before you Begin

Before you configure the filter, you need to know the MAC address of the client. The MAC address can be obtained from the client's NIC. Alternatively, if LAN packets from the client pass through the ZyAIR, you can identify the unwanted MAC address from the ZyAIR's LAN packet trace. The following example shows a trace of the LAN packets.
 

ras> sys trcp channel enet0 bothway
ras> sys trcp sw on

Now a client on the LAN is trying to ping the ZyAIR...

ras> sys trcp sw off
ras> sys trcp disp 

TIME:  37c060  enet0-RECV len:74 call=0
  0000: [00 a0 c5 01 23 45] [00 80 c8 4c ea 63] 08 00 45 00
  0010: 00 3c eb 0c 00 00 20 01 e3 ea ca 84 9b 5d ca 84
  0020: 9b 63 08 00 45 5c 03 00 05 00 61 62 63 64 65 66
  0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
  0040: 77 61 62 63 64 65 66 67 68 69

TIME:  37c060  enet0-XMIT len:74 call=0
  0000: [00 80 c8 4c ea 63] [00 a0 c5 01 23 45] 08 00 45 00
  0010: 00 3c 00 07 00 00 fe 01 f0 ef ca 84 9b 63 ca 84
  0020: 9b 5d 00 00 4d 5c 03 00 05 00 61 62 63 64 65 66
  0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
  0040: 77 61 62 63 64 65 66 67 68 69
 

The detailed decode of the first (RECV) packet, an Ethernet Version II frame:


+ Ethernet Version II
    - Address: 00-80-C8-4C-EA-63 (Source MAC) ----> 00-A0-C5-01-23-45
      (Destination MAC)
    - Ethernet II Protocol Type: IP
+ Internet Protocol
    - Version (MSB 4 bits): 4
    - Header length (LSB 4 bits): 5
    - Service type: Precd=Routine, Delay=Normal, Thrput=Normal, Reli=Normal
    - Total length: 60 (Octets)
    - Fragment ID: 60172
    - Flags: May be fragmented, Last fragment, Offset=0 (0x00)
    - Time to live: 32 seconds/hops
    - IP protocol type: ICMP (0x01)
    - Checksum: 0xE3EA
    - IP address: 202.132.155.93 (Source IP address) ---->
      202.132.155.99 (Destination IP address)
    - No option
+ Internet Control Message Protocol
    - Type: 8 - Echo Request
    - Code: 0
    - Checksum: 0x455C
    - Identifier: 768
    - Sequence Number: 1280
    - Optional Data: (32 bytes)

Configurations

From the first trace above, we know that a client is sending a ping request to the ZyAIR router, and from the second trace, that the ZyAIR router sends a reply to the client. The following sample filter uses the 'Generic Filter Rule' to block the MAC address [00 80 c8 4c ea 63].

1. First, from the incoming LAN packet we know that the unwanted source MAC address starts at the 7th octet, which is byte offset 6 when counting from 0.

TIME:  37c060  enet0-RECV len:74 call=0
  0000: [00 a0 c5 01 23 45] [00 80 c8 4c ea 63] 08 00 45 00
  0010: 00 3c eb 0c 00 00 20 01 e3 ea ca 84 9b 5d ca 84
  0020: 9b 63 08 00 45 5c 03 00 05 00 61 62 63 64 65 66
  0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
  0040: 77 61 62 63 64 65 66 67 68 69

2. We are now ready to configure the 'Generic Filter Rule' as below.

                   Menu 21.1.1 - Generic Filter Rule

                    Filter #: 1,1
                    Filter Type= Generic Filter Rule
                    Active= Yes
                    Offset= 6
                    Length= 6
                    Mask= ffffffffffff
                    Value= 0080c84cea63
                    More= No           Log= None
                    Action Matched= Drop
                    Action Not Matched= Forward
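
The rule above replayed offline against the two traced frames, as an added Python example that is not part of the original ZyXEL note. It assumes the Generic Filter ANDs the Length bytes at Offset with Mask and compares the result to Value; parse_trace, generic_filter and demo are hypothetical helper names.

```python
import re

# Hex dump lines copied from the page's 'sys trcp disp' trace (ping request / reply).
RECV = """
  0000: [00 a0 c5 01 23 45] [00 80 c8 4c ea 63] 08 00 45 00
  0010: 00 3c eb 0c 00 00 20 01 e3 ea ca 84 9b 5d ca 84
  0020: 9b 63 08 00 45 5c 03 00 05 00 61 62 63 64 65 66
  0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
  0040: 77 61 62 63 64 65 66 67 68 69
"""
XMIT = """
  0000: [00 80 c8 4c ea 63] [00 a0 c5 01 23 45] 08 00 45 00
  0010: 00 3c 00 07 00 00 fe 01 f0 ef ca 84 9b 63 ca 84
  0020: 9b 5d 00 00 4d 5c 03 00 05 00 61 62 63 64 65 66
  0030: 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76
  0040: 77 61 62 63 64 65 66 67 68 69
"""

def parse_trace(dump):
    """Turn trace dump lines into raw frame bytes (drops 'NNNN:' offsets and brackets)."""
    frame = bytearray()
    for line in dump.strip().splitlines():
        _, _, hexpart = line.partition(":")
        frame += bytes.fromhex("".join(re.findall(r"[0-9a-fA-F]{2}", hexpart)))
    return bytes(frame)

def generic_filter(frame, offset, length, mask, value,
                   matched="Drop", not_matched="Forward"):
    """Assumed semantics: AND `length` bytes at `offset` with mask, compare to value."""
    mask, value = bytes.fromhex(mask), bytes.fromhex(value)
    if len(mask) != length or len(value) != length:
        raise ValueError("Mask and Value must each be Length bytes long")
    field = frame[offset:offset + length]
    if len(field) < length:          # frame too short to hold the field: no match
        return not_matched
    masked = bytes(b & m for b, m in zip(field, mask))
    return matched if masked == value else not_matched

RULE = dict(offset=6, length=6, mask="ffffffffffff", value="0080c84cea63")

def demo():
    return {name: generic_filter(parse_trace(dump), **RULE)
            for name, dump in (("RECV", RECV), ("XMIT", XMIT))}

if __name__ == "__main__":
    print(demo())  # {'RECV': 'Drop', 'XMIT': 'Forward'}
```

The reply frame is forwarded because in it the blocked address sits in the destination field (offset 0), not at offset 6; the rule matches only frames sent by that MAC address.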
 

Key Settings:

You can now apply the filter set in Menu 3.1, 'General Ethernet Setup'. Please note that a 'Generic Filter' can only be applied as a 'Device Filter', not as a 'Protocol Filter', which is used for configuring the TCP/IP and IPX filters.


                 Menu 3.1 - General Ethernet Setup

                    Input Filter Sets:
                      protocol filters=
                        device filters= 1
                    Output Filter Sets:
                      protocol filters=
                        device filters=
 


All contents copyright © 2004 ZyXEL Communications Corporation.