    [Filter 1 Advanced Menu]
    8021p    - 802.1p Advanced Menu
    tcp      - TCP Advanced Menu
    ip       - IP Advanced Menu
    layer7   - Layer 7 Advanced Menu
    proxyadv - Proxy Advanced Menu
    redir    - Redirection Advanced Menu
    security - Security Menu
    report   - Report Menu
    icmp     - Set ICMP message type
    cont     - Set BW contract
    revcont  - Set BW contract for the reverse session
    tmout    - Set NAT or L7 lookup session timeout
    idsgrp   - Set IDS server group for intrusion detection SLB
    idshash  - Set hash parameter for intrusion detection SLB
    thash    - Set hash parameter for Filter
    mcvlan   - Set MCAST NAT egress VLAN Id
    goto     - Set GOTO filter ID
    udpage   - Set fast aging for UDP sessions
    rtsrcmac - Enable/disable return to source mac addr
    reverse  - Enable/disable creating session for reverse side traffic
    cache    - Enable/disable caching sessions that match filter
    l3filter - Set the layer 3 filter
    sesslog  - Enable/disable session logging
    rtsport  - Enable/disable retention of SIP source port for NAT filter
    log      - Enable/disable logging
    mirror   - Enable/disable session mirroring
    nbind    - Enable/disable subnet binding for redirection
    matchdev - Enable/disable matching traffic to device IP interfaces
    cos      - Set the class of service persistency string
    mactome  - Enable/disable matching traffic to device mac addresses
    rtsrctun - Enable/disable return to source tunnel
    cur      - Display current advanced filter configuration

Command Syntax and Usage | |
---|---|
8021p | |
Displays the 802.1p Advanced menu. IEEE 802.1p is the specification for prioritizing the network traffic at the Layer 2 level in your Alteon. To view this menu, see /cfg/slb/filt <filter number>/adv/8021p 802.1p Advanced Menu. Using this menu, you can preserve 802.1p bits in all the frames that pass through Alteon. | |
tcp | |
Displays the TCP Advanced menu. To view this menu, see /cfg/slb/filt <filter number>/adv/tcp TCP Advanced Menu. | |
ip | |
Displays the IP Advanced menu. To view this menu, see /cfg/slb/filt <filter number>/adv/ip IP Advanced Menu. | |
layer7 | |
Displays the Layer 7 Advanced menu. To view this menu, see /cfg/slb/filt <filter number>/adv/layer7 Layer 7 Advanced Filter Configuration Menu. | |
proxyadv | |
Displays the Proxy Advanced menu. To view this menu, see /cfg/slb/filt/adv/proxyadv Proxy Advanced Menu. Note: When delayed binding is enabled at /cfg/slb/filt/adv/redir/dbind and client proxy is disabled at /cfg/slb/filt/adv/proxyadv/proxy, the redirection filter changes the destination IP address to the real server IP address. | |
redir | |
Displays the Redirection Advanced menu. To view this menu, see /cfg/slb/filt <filter number>/adv/redir Redirection Advanced Menu. When the destination port is set to RTSP (554) at /cfg/slb/filt/dport, the filter automatically works in delayed binding (dbind) mode even if the dbind option is disabled for filter redirection. | |
security | |
Displays the Security Menu. To view this menu, see /cfg/slb/filt <filter number>/adv/security SLB Filter Advanced Security Menu. | |
report | |
Displays the Reporting Menu. To view this menu, see /cfg/slb/filt <filter number>/adv/report Reporting Menu. | |
icmp message type |any| <number> | <type; “icmp list” for list> | |
Specifies the ICMP message type to be filtered. For a list of ICMP message types, see ICMP Message Types. For a detailed description of filtering and ICMP, see the Alteon Command Line Interface Application Guide. Default: any | |
cont <BWM Contract (1-1024)> | |
Specifies a bandwidth management contract for traffic to the virtual server. By default, all services under this virtual server are assigned this contract. You can also define the contract at the virtual service level with the /cfg/slb/virt <number>/service <number>/cont command. All frames that match this virtual server's services are assigned this contract if the contract previously assigned to the frame has lower or equal precedence to the virtual server contract. Default: 1024 | |
revcont <BW Contract (1-1024)> | |
Specifies a bandwidth management contract for the reverse traffic session. This lets you assign a different bandwidth management contract from the one configured on the ingress filter. Default: 1024 | |
tmout <even number of minutes (4-32768)> | |
Specifies the length of time, in minutes, that an inactive session remains in the session table. Every client-to-server session being load balanced is recorded in the session table. When the client ends the session, the session table entry is removed. In certain circumstances, such as when a client application is abnormally terminated by the client’s system, TCP and UDP connections remain registered in the session table. In order to prevent table overflow, these orphaned entries must be aged out of the session table. Default: 4 Note: Alteon considers the timeout (tmout) setting configured in a filter as an action of NAT and Layer 7 lookup. For any other actions, the timeout configured for the real server takes precedence over the filter timeout. (For more information about configuring tmout for a real server, see /cfg/slb/real/adv Real Server Advanced Menu.) | |
proxyip <IP address> | |
Defines the client proxy IP address. | |
idsgrp <real server group ID (1-1024)|none> | |
Specifies the real server group for Intrusion Detection System (IDS) load balancing. When filtering is used for IDS load balancing, each filter added to an IDS load balancing-enabled port can be assigned a unique IDS real server group. Default: none | |
idshash sip|dip|sip+dip|sip+sport|dip+dport|all | |
Specifies the hash metric parameter for Intrusion Detection System (IDS) server load balancing. Default: dip | |
thash auto|sip|dip|both|sip+sport|dip32 | |
Specifies the hash parameter to use for server selection when the server group metric is hash. Default: auto | |
mcvlan <VLAN ID (0-4090)> | |
Specifies the VLAN to which the multicast packet must be sent, when performing multicast NAT. Default: 0 | |
goto <filter ID> | |
Specifies a target filter ID that the filter search should jump to when a match occurs. Filter searching continues from the designated filter ID. To use this feature, the action on this filter must be set to goto. This filter does not support Layer 7 classification. Values: 1 – 2048 Note: The ID specified in this field must be higher than the filter ID (the ID of the object itself). | |
udpage | |
Specifies the current UDP fast age mode for the filter. Default: onlydns | |
icap | |
Specifies the ICAP policy for the filter. | |
rtsrcmac disable|enable | |
Enables or disables the return of traffic to the source MAC address. Default: disable Note: When rtsrcmac is enabled, the source port on the traffic is changed. If you wish to preserve the source port, enable reverse. | |
reverse disable|enable | |
Specifies whether to create a session table entry for the server return traffic. Such an entry is required to properly process return traffic from the server when it is necessary to preserve the original source port in the request forwarded to the server. Default: disable | |
cache disable|enable | |
Specifies whether to enable caching sessions that match the filter. Default: enable Note: Use caution when applying cache-enabled and cache-disabled filters to the same port. A cache-enabled filter creates a session entry so that Alteon can bypass checking for subsequent frames that match the same criteria. The cache should be disabled when applying a filter to a virtual server IP address while performing UDP load balancing. For more information, see the udp option under /cfg/slb/virt <server number>/service <virtual port or application name> Virtual Server Service Configuration. | |
l3filter disable|enable | |
Specifies whether to enable L3 filters. Enabling this feature forces the non-cached redirection filter to handle the fragment packets as in SLB, by storing the fragment packets and creating a session entry. Default: disable | |
sesslog disable|enable | |
Specifies whether to enable or disable session logging. Session logs are sent to the syslog servers via the data port when the sessions are deleted or aged out. The Alteon switch processor sends the buffered session logging data to the syslog server at regular intervals (every 30 seconds) if the buffer is not completely filled. There will be no session syslog if no sessions have aged out during this duration of 30 seconds. Note: Syslog servers configured on Alteon must be accessible via the data ports. Default: disable | |
rtsport disable|enable | |
Specifies the SIP source port retention mode. When processing outbound SIP over UDP traffic, there is often a need to preserve the source port. To support outbound SIP traffic while preserving the source port, the following is required: Default: disable | |
log disable|enable | |
Specifies whether to enable or disable generating syslog messages when a filter is matched. Default: disable | |
mirror disable|enable | |
Specifies whether to enable or disable session mirroring on the selected filter. Session mirroring synchronizes the state of active connections with the standby Alteon to prevent service interruptions in case of failover. Session mirroring is recommended for long-lived TCP connections, such as FTP, SSH, and Telnet connections. Session mirroring is not necessary for protocols characterized by short-lived connections, such as UDP and in many cases HTTP. Radware recommends that you use session mirroring only when you need to maintain the state of a long connection. When implementing session mirroring, note the following: SIP, FTP, NAT filters, Layer 4 SLB with delayed binding; Active-active VRRP, RTSP, Layer 7 SLB, Allow, deny, redir filters. Default: disable | |
nbind disable|enable | |
Specifies whether to enable client subnet persistent binding for filter redirection. Default: disable | |
matchdev disable|enable | |
Specifies whether the filter should match traffic whose destination is a device IP address (if that IP is part of the match settings destination). Default: allexclif | |
cos <"1-32 character class of service string[any|string]">|none | |
Specifies whether the filter should match source IP addresses for which the class of service recorded in the Alteon user data table matches the specified value. The IP address to class of service relation is recorded in the Alteon user data table via an AppShape++ script, for example using data gathered from RADIUS traffic. | |
mactome enabled|disabled | |
Locally enables or disables filtering by destination MAC address. The mactome matching condition is met when the destination MAC address belongs to Alteon. For a mactome match to be checked, mactome must be enabled both globally under /cfg/slb/adv, and on the filter. When the destination MAC address matches a MAC address owned by Alteon, but mactome is disabled globally, the mactome match is not checked. Default: enabled | |
rtsrctun enabled|disabled | |
Enables a front-end Alteon to reply to a request using the same tunnel through which the request was received when encapsulated traffic is received over multiple tunnels and no IP route is configured for a tunnel. Default: disabled | |
cur | |
Displays the current advanced filter configuration. |
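
The rules stated above for tmout, cont, revcont, mcvlan, goto and mactome can be checked mechanically before a change is applied. The following Python audit is an added example, not Radware code; the dict layout, the `audit_filters` name and the sample filters are constructed for illustration, and the final logging check is an audit observation about the documented `disable` defaults rather than a rule from this page.

```python
# Added example. The dict layout below is hypothetical, not an Alteon export format.
RANGES = {"cont": (1, 1024, 1024), "revcont": (1, 1024, 1024),
          "mcvlan": (0, 4090, 0), "tmout": (4, 32768, 4)}  # (min, max, default)

def audit_filters(filters, global_mactome=True):
    """Return (filter_id, finding) tuples for settings that break the page's rules."""
    findings = []
    for fid, flt in sorted(filters.items()):
        adv = flt.get("adv", {})
        # Numeric options must stay inside the documented ranges.
        for key, (lo, hi, default) in RANGES.items():
            if not lo <= adv.get(key, default) <= hi:
                findings.append((fid, f"{key} outside {lo}-{hi}"))
        # tmout is documented as an even number of minutes.
        if adv.get("tmout", 4) % 2:
            findings.append((fid, "tmout must be an even number of minutes"))
        # goto: action must be goto, target 1-2048 and higher than this filter's ID.
        goto = adv.get("goto")
        if flt.get("action") == "goto":
            if goto is None:
                findings.append((fid, "action is goto but no target is set"))
            elif not 1 <= goto <= 2048 or goto <= fid:
                findings.append((fid, "goto target must be 1-2048 and higher than the filter ID"))
        elif goto is not None:
            findings.append((fid, "goto target set but action is not goto"))
        # mactome is only checked when enabled globally AND on the filter.
        if adv.get("mactome", "enabled") == "enabled" and not global_mactome:
            findings.append((fid, "mactome enabled on filter but disabled globally"))
        # Visibility: both log and sesslog default to disable.
        if adv.get("log", "disable") == "disable" and adv.get("sesslog", "disable") == "disable":
            findings.append((fid, "log and sesslog are both disabled"))
    return findings

# Constructed sample: filter 10 has an odd tmout, a backward goto and no logging.
SAMPLE = {
    10: {"action": "goto", "adv": {"goto": 5, "tmout": 5}},
    20: {"action": "allow", "adv": {"tmout": 8, "log": "enable"}},
    30: {"action": "goto", "adv": {"goto": 40, "sesslog": "enable", "mactome": "disabled"}},
}

if __name__ == "__main__":
    for fid, finding in audit_filters(SAMPLE):
        print(f"filter {fid}: {finding}")
```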