Create QoS Filter Window
This window appears when you click Create on the QoS tab of the
Modify INS Filters window. It has two tabs:
- Filter, for creating a filter that identifies the
packets that you are interested in
- Action, for specifying the action to take on these
packets
When you finish with the window, click OK.
Begin by selecting the type of QoS filter you want to create from the Filter
Type list.
Note: After you create a filter, the name of the list changes to Filter
Type/Field Set, and it shows the field set
for the filter you created. If you create two field sets (the maximum number
allowed for security filters), the list name changes again to Field Set.
You can continue to create filters within the the two field sets.
Your options in the remainder of the window depend on the filter type you choose:
MAC, IP, TCP, or
UDP.
Follow these steps:
- From the Source MAC Address list, select any if you want the
filter to match any source MAC address. Otherwise, select specify,
and enter the source address that you want the filter to match in the field
below.
- From the Destination MAC Address list, select any if you want
the filter to match any destination MAC address. Otherwise, select specify,
and enter the destination address that you want the filter to match in the
field below.
- From the Ethertype list, select the protocol that you want the filter
to match, or select none. If you want a protocol that is not in the
list, select other, and identify the protocol numerically in the Other
field.
Follow these steps:
- From the Source Wildcard list, select the wildcard to be used with
the IP address that you enter in the Source IP Address field.
Notes:
- Your selection is translated to binary, as is the source IP
address. By comparing the two strings, a set of IP addresses is generated.
Wherever a 0 occurs in the wildcard, generated IP addresses retain whatever
value is opposite the 0 in the original source IP address. Wherever a
1 occurs in the wildcard, the value opposite the 1 is irrelevant; generated
IP addresses can contain either a 1 or a 0 in that position. If a generated
IP address occurs in the source IP address field of the packet header,
it matches the filter.
- Select any (equivalent to a string of binary 1s) to match any
source IP address in the packet header. Select host (equivalent
to a string of binary 0s) to match only the address you enter in the Source
IP Address field.
- In the Source IP Address field, enter the source IP address that
you want to use with the source wildcard.
- From the Destination Wildcard list, select the wildcard to be used
with the IP address that you enter in the Destination IP Address field.
The process described in the notes for Step 1 is also used to generate a set
of destination IP addresses.
- In the Destination IP Address field, enter the destination IP address
that you want to use with the destination wildcard.
The filter matches the packet header only if it matches both the source and
destination IP address fields.
Follow these steps:
- From the Source Wildcard list, select the wildcard to be used with
the IP address that you enter in the Source IP Address field.
Notes:
- Your selection is translated to binary, as is the source IP
address. By comparing the two strings, a set of IP addresses is generated.
Wherever a 0 occurs in the wildcard, generated IP addresses retain whatever
value is opposite the 0 in the original source IP address. Wherever a
1 occurs in the wildcard, the value opposite the 1 is irrelevant; generated
IP addresses can contain either a 1 or a 0 in that position. If a generated
IP address occurs in the source IP address field of the packet header,
it matches the filter.
- Select any (equivalent to a string of binary 1s) to match any
source IP address in the packet header. Select host (equivalent
to a string of binary 0s) to match only the address you enter in the Source
IP Address field.
- In the Source IP Address field, enter the source IP address that
you want to use with the source wildcard.
- From the Destination Wildcard list, select the wildcard to be used
with the IP address that you enter in the Destination IP Address field.
The process described in the notes for Step 1 is also used to generate a set
of destination IP addresses.
- In the Destination IP Address field, enter the destination IP address
that you want to use with the destination wildcard.
- From the Source Port list, select a port to identify an application
protocol, or select none. If you want a protocol that is not in the
list, select other, and identify the protocol in the Other field
below the list.
Example: You administer an intranet server and you want to prevent
outside users from accessing it. You could select a source port of http.
- From the Destination Port list, select a port to identify an application
protocol, or select none. If you want a protocol that is not in the
list, select other, and identify the protocol in the Other field
below the list.
Example: You administer a network and you want to prevent anyone from
accessing the Web. You could select a destination port of http.
The filter matches the packet header only if it matches the settings for the
source IP address, the destination IP address, the source port, and the destination
port.
Follow these steps:
- From the Source Wildcard list, select the wildcard to be used with
the IP address that you enter in the Source IP Address field.
Notes:
- Your selection is translated to binary, as is the source IP
address. By comparing the two strings, a set of IP addresses is generated.
Wherever a 0 occurs in the wildcard, generated IP addresses retain whatever
value is opposite the 0 in the original source IP address. Wherever a
1 occurs in the wildcard, the value opposite the 1 is irrelevant; generated
IP addresses can contain either a 1 or a 0 in that position. If a generated
IP address occurs in the source IP address field of the packet header,
it matches the filter.
- Select any (equivalent to a string of binary 1s) to match any
source IP address in the packet header. Select host (equivalent
to a string of binary 0s) to match only the address you enter in the Source
IP Address field.
- In the Source IP Address field, enter the source IP address that
you want to use with the source wildcard.
- From the Destination Wildcard list, select the wildcard to be used
with the IP address that you enter in the Destination IP Address field.
The process described in the notes for Step 1 is also used to generate a set
of destination IP addresses.
- In the Destination IP Address field, enter the destination IP address
that you want to use with the destination wildcard.
- From the Source Port list, select a port to identify an application
protocol, or select none. If you want a protocol that is not in the
list, select other, and identify the protocol in the Other field
below the list.
Example: You want to prevent a device from receiving SNMP packets.
You could select a source port of snmp.
- From the Destination Port list, select a port to identify an application
protocol, or select none. If you want a protocol that is not in the
list, select other, and identify the protocol in the Other field
below the list.
Example: You want to prevent a device from sending SNMP packets to
a specific destination. You could select a destination port of snmp.
The filter matches the packet header only if it matches the settings for the
source IP address, the destination IP address, the source port, and the destination
port.
- From the DSCP list, select a DSCP
value to assign to matching packets.
- In the Rate [kbps] field, enter the maximum transmission rate that
you will permit on the interface. The number that you enter is in kilobits
per second.
- In the Max Burst Size [KB] field, enter the maximum burst size that
you will permit on the interface. The number that you enter is in kilobytes.
- In the Exceed Action list, select an action you want to occur if
either maximum is exceeded. If you select Drop, packets in violation
are dropped. If you select Mark Down DSCP, the Mark Down DSCP
field is enabled. In it, enter a DSCP value to assign to packets in violation.