2. Filter based on VLAN


From the Adv Config menu:


Packet Filtering is used on an active RULESET to create filter rules per monitoring interface. This option is compatible with GCenter 2.5.3.100+. The rules present in Sigflow Manager apply to one or all interfaces.

The "Drop all packets from a VLAN" option allows XDP filtering of all packets from a specific VLAN on a capture interface.


The syntax for 802.1AD (Q-in-Q) support is X:Y, where X is the "outer TAG" and Y is the "inner TAG". This syntax works everywhere in the 'Packet Filtering' menu where a VLAN number can be entered. The "outer TAG" can be tagged as 0x88A8 (802.1AD); the "inner TAG" can be tagged as, for example, 0x9100, 0x9200 or 0x8100 (Cisco).
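The X:Y matching described above, as an added sketch in plain C (not the product's XDP code): it walks the VLAN tags of a constructed Ethernet frame and compares them with a rule. The function names, the sample frames, and the choices that a rule "X" matches only single-tagged frames and that truncated frames are kept are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample frames: dst MAC, src MAC, tag(s), then EtherType 0x0800. */
static const uint8_t QINQ[22] = {2,0,0,0,0,1, 2,0,0,0,0,2,
    0x88,0xA8,0x00,0x64,  0x81,0x00,0x00,0x14,  0x08,0x00};  /* outer 100, inner 20 */
static const uint8_t SINGLE[18] = {2,0,0,0,0,1, 2,0,0,0,0,2,
    0x81,0x00,0x00,0x0A,  0x08,0x00};                        /* VLAN 10 */

/* TPIDs named on the page: 0x88A8 (outer), 0x8100 / 0x9100 / 0x9200 (inner). */
static int is_vlan_tpid(uint16_t t)
{
    return t == 0x88A8 || t == 0x8100 || t == 0x9100 || t == 0x9200;
}

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Store up to two VLAN IDs (outer first); return the tag count, -1 if truncated. */
int parse_vlan_tags(const uint8_t *f, size_t len, uint16_t vid[2])
{
    size_t off = 12;                          /* skip both MAC addresses */
    int n = 0;
    if (len < 14) return -1;
    while (n < 2 && is_vlan_tpid(rd16(f + off))) {
        if (off + 6 > len) return -1;         /* TPID + TCI + next EtherType */
        vid[n++] = (uint16_t)(rd16(f + off + 2) & 0x0FFF); /* low 12 bits of TCI */
        off += 4;
    }
    return n;
}

/* Rule is "X" or "X:Y" (outer:inner). Returns 1 = drop, 0 = keep for analysis.
 * Assumption: a bad rule or a truncated frame is kept, never silently dropped. */
int vlan_rule_matches(const uint8_t *f, size_t len, const char *rule)
{
    unsigned x = 0, y = 0;
    uint16_t vid[2] = {0, 0};
    int want = sscanf(rule, "%u:%u", &x, &y); /* 1 for "X", 2 for "X:Y" */
    if (want < 1 || x > 4095 || y > 4095) return 0;
    if (parse_vlan_tags(f, len, vid) != want) return 0;
    return (unsigned)vid[0] == x && (want == 1 || (unsigned)vid[1] == y);
}

int main(void)
{
    printf("100:20 on Q-in-Q -> %d\n", vlan_rule_matches(QINQ, sizeof QINQ, "100:20"));
    printf("10 on single tag -> %d\n", vlan_rule_matches(SINGLE, sizeof SINGLE, "10"));
    return 0;
}
```

Keeping malformed input instead of dropping it means a bad rule or a short frame never removes traffic from the sensor's view.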

XDP filters can be used to deliberately discard:

  • the native VLAN

  • full VLANs by number

  • subnets (prefixes) per VLAN

  • particular ports on UDP/TCP.

For IP addresses and ports, the reciprocal rule is automatically applied. It is therefore sufficient to enter the Rx stream for the Tx stream to also be discarded.

Drop some packets from a VLAN: XDP filtering is applied to selected packets on a VLAN:


The administrator specifies the new filter rule by selecting the capture interface, VLAN, IP addressing, protocol (tcp or udp), and its protocol range (0:65635).

You can do it with the following CLI command:

set advanced-configuration packet-filtering add interface [mon0|1|2|3|4|5|6|7] drop [protocol|ciphered-protocols|port-range|prefix|vlan] confirm