| Title: | DEChub/HUBwatch/PROBEwatch CONFERENCE |
| Notice: | Firmware -2, Doc -3, Power -4, HW kits -5, firm load -6&7 |
| Moderator: | NETCAD::COLELLA�DT |
| Created: | Wed Nov 13 1991 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 4455 |
| Total number of notes: | 16761 |
Hello,
Can somebody explain me what I do wrong or explain me how this works.
I tryid to setup address filters in a DECbridge900MX between ethernet ports
+ FDDI ports with manual mode enabled on a customer but it won't work.
When I do it with manual mode disabled (bridge in learning mode) address
filtering works fine. But when I use the manual mode option and specified
source an destination filters (MAC and DECNET) in the addrees filter list
it won't work. Alse multicast, all local bridge and IEEE 802.1d Bridge group
address are in the filter list with no port filters. (This is the default)
A example of the HUBwatch Address Filter list is as follow;
! HUBwatch Address Filters
! Bridge management address: 145.89.216.10
! Bridge management community: "public-6"
! -------------------------------------------------------------------------
! Number of entries: 104. Maximum NV entries: 400.
!
! Manual Mode Filter all unspecified
! Lockdown addresses on ports:
!---------------- -------------------
<unspecified>: 1 2 3 4 5 6 7
!
! Rate Filter specified address
! MAC Address Limit on the following ports:
!---------------- ----- -------------------
01-80-C2-00-00-00 <No port filters>
01-80-C2-00-00-01 1 2 3 4 5 6 7
01-80-C2-00-00-02 1 2 3 4 5 6 7
01-80-C2-00-00-03 1 2 3 4 5 6 7
01-80-C2-00-00-04 1 2 3 4 5 6 7
01-80-C2-00-00-05 1 2 3 4 5 6 7
01-80-C2-00-00-06 1 2 3 4 5 6 7
01-80-C2-00-00-07 1 2 3 4 5 6 7
01-80-C2-00-00-08 1 2 3 4 5 6 7
01-80-C2-00-00-09 1 2 3 4 5 6 7
01-80-C2-00-00-0A 1 2 3 4 5 6 7
01-80-C2-00-00-0B 1 2 3 4 5 6 7
01-80-C2-00-00-0C 1 2 3 4 5 6 7
01-80-C2-00-00-0D 1 2 3 4 5 6 7
01-80-C2-00-00-0E 1 2 3 4 5 6 7
01-80-C2-00-00-0F 1 2 3 4 5 6 7
08-00-2B-16-A0-EC 2 6 7 (source address)
08-00-2B-16-A0-7F 2 6 7 (destination address)
08-00-2B-A6-EF-B8 1 2 3 4 5 6 7
08-00-2B-A6-EF-B9 1 2 3 4 5 6 7
08-00-2B-A6-EF-BA 1 2 3 4 5 6 7
08-00-2B-A6-EF-BB 1 2 3 4 5 6 7
08-00-2B-A6-EF-BC 1 2 3 4 5 6 7
08-00-2B-A6-EF-BD 1 2 3 4 5 6 7
08-00-2B-A6-EF-BE 1 2 3 4 5 6 7
09-00-2B-00-00-0F <No port filters>
09-00-2B-01-00-00 <No port filters>
09-00-2B-01-00-01 <No port filters>
09-00-2B-02-00-00 <No port filters>
09-00-2B-02-01-00 <No port filters>
09-00-2B-02-01-01 <No port filters>
09-00-2B-02-01-05 <No port filters>
09-00-2B-04-00-00 <No port filters>
AA-00-04-00-14-04 2 6 7 (source address)
AA-00-04-00-0A-04 2 6 7 (destination address)
AB-00-00-01-00-00 <No port filters>
AB-00-00-02-00-00 <No port filters>
AB-00-00-03-00-00 <No port filters>
AB-00-00-04-00-00 <No port filters>
FF-FF-FF-FF-FF-FF <No port filters>
!
! Number of listed filter entries: 128
I have also set No port filters for DNA routing, service advertisement,
service solicitation etc. But I don't think that is important??
The filters for source and destination works for the ports I have specified
when I turn on the above configution. Manual mode <No port filters> and
source and destination 1 3 4 5 (this as a example but I have test this for
source address and destination address separate what means addresses and ports
specified are o.k.!!)
The DECbridge900MX (2x but on both the same problem) has software image
1.4 ,the HUB900 3.1 and there are 1 DECconcentrator900MX with version 2.8.
(tested it first with the old firmware 1.2 , 3.0 and 2.0)
Ronald de Groot
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 1601.1 | more details please | SLINK::HOOD | I'd rather be at the Penobscot | Fri Oct 21 1994 13:50 | 16 |
>When I do it with manual mode disabled (bridge in learning mode) address >filtering works fine. But when I use the manual mode option and specified >source an destination filters (MAC and DECNET) in the addrees filter list >it won't work. What happens when it doesn't work? Are the filter entries rejected? Or does filtering on those entries not occur? >Alse multicast, all local bridge and IEEE 802.1d Bridge group >address are in the filter list with no port filters. (This is the default) Yes, that is the default. Tom Hood HUBwatch | |||||
| 1601.2 | UTRTSC::GROOT_R | Ronald de Groot | Sun Oct 23 1994 18:14 | 4 | |
The filter entries are rejected. This means no connection possible from
source to destination address.
Ronald
| |||||
| 1601.3 | Defined address on one port only | NETCAD::COOPER | Tue Oct 25 1994 14:43 | 22 | |
If I read your filter file correctly you have all your ports in manual
mode with two MAC/DECnet addresses defined(management set) on several
ports. Very confusing to the bridge - same as having several stations
on different ports with the same address.
To use the manual mode feature, that disables natural learning on a
port, you must set a port to manual mode by setting that port to red
arrow in the unspecified filter defaults box. Next add the MAC
addresses of the stations that will reside on that port - add MAC
address filter and set only a single port arrow to green. For instance,
port 1 is set to manual mode and the unicast address filter
08-00-00-00-00-00 is created and its port mask 1 is set green(this
station resides on port 1). Do you same for your other ports and
station addresses.
That's my shot at it.
Ernie
System test
So in short, you must do the learning for the bridge.
| |||||
| 1601.4 | UTRTSC::GROOT_R | Ronald de Groot | Tue Oct 25 1994 18:15 | 19 | |
reply to .3
The filter file is a example of what I had done (there are more
addresses in then in the example file). But what I have done is
what you write I have make all active ports on the bridge green
for the address filters who must past the bridge. How must I
specified a address who is on port 1 and must be forward to des-
tination addresses who are on port 2 and 3 but must be filtered
on port 4,5,6 and 7? On the moment it is not possible for me to
try this out because I don't have a bridge to test. I have ordered
a spare one but on the moment there are no spare DECbridge900MX
in our country (Holland). On the customer site the bridge is
working but with address filters of node's who must not past the
bridge and not with address filters who must past the bridge and
with all ports in manual mode. (customer is a university and
node's who must filtered are PC's)
Ronald
from the students)
| |||||
| 1601.5 | problem fixed. | UTRTSC::GROOT_R | Ronald de Groot | Wed Oct 26 1994 12:32 | 20 |
Problem found. There was a CISCO IP router in the network who was
also the decnet router. The customer did not known that he had a
decnet router!!! (had only one area). We found it because the
customer logged a call that he had performance problems with remote
pathworks PC's. After we had connected a LANanalyzer (IRIS PC) on
the network we saw the problem. All connections where go to the
CISCO on a different segment (must pass 4 bridge ports). First the
customer won't believe this but after we disabled decnet routing on
the CISCO all works fine. The filters are working and no performance
problems. The customer believe that he had no problems with LANbridge
200 (4x) in the past but he must have the same problems only the
CISCO router maybe was on the same segment as the PC's (less
segment's). Ernie thanks that you had look in the filter list but
I think it must be possible to set one filter on all ports or one for
example port 1 + 2 + 3. The most important is that the customer is
happy again and that the problem was not in the bridge's but in the
network configuration.
Ronald
| |||||