Specifications
Switching add switch filter 8-75
Software Release 2.7.3
C613-03098-00 REV A
add switch filter
Syntax ADD SWItch FILter ACtion={FORward|DIScard}
DESTaddress=macadd PORT=port [ENTry=entry] [LEARn]
[VLAN={vlan-name|1..4094}]
where:
■ entry is a filter entry number, from 0 to n+1 where n is the highest filter
entry currently defined in the permanent forwarding database. The
permanent forwarding database has a maximum of 320 entries, ranging
from 0 to 319. Each port has its own permanent forwarding database.
■ vlan-name is a unique name from 1 to 32 characters. Valid characters are
uppercase and lowercase letters, digits, the underscore, and the hyphen.
The vlan-name cannot be a number or all.
■ port is the number of the switch port or uplink port to which this filter
applies.
■ macadd is an Ethernet six-octet MAC address, expressed as six pairs of
hexadecimal digits delimited by hyphens.
Description This command adds a single static filter entry to the permanent forwarding
database for a specified port. If the static entry matches an existing dynamic
entry that was learnt by the switch (a match means that the destaddress and
vlan parameters are the same for both entries), the static filter overwrites the
existing dynamic learnt entry. All the received frames that match the static
filter entry are forwarded to the specified port with an action of forward or
discard.
The action parameter specifies the outcome of the forwarding process for the
frame. When forward is specified, the frame is transmitted on the given port or
ports. When discard is specified, the frame is discarded.
The destaddress parameter specifies the value to be matched against the
destination MAC address from frames being filtered. The destination MAC
address must be an individual MAC address.
The port parameter specifies the outbound port over which a frame matching
this filter entry is discarded or forwarded. Whether the ports are tagged ports
or untagged ports is determined by the vlan parameter. When the port
parameter specifies tagged ports, then the vlan parameter is required.
The entry parameter specifies where in the permanent forwarding database the
new entry is added for the specified port. entry cannot be set greater than n+1
where n is the highest filter entry currently defined. When entry is not
specified, the new entry is appended to the bottom of the permanent
forwarding database: the default is n+1 where n is the highest filter entry
currently defined. Static and dynamic entries in the forwarding database are
kept in sorted order determined by their VLAN Identifier and MAC address.
Therefore the entry parameter does not affect the order of the filters in the
forwarding database. The order in which filter entries are displayed by the
show switch filter command is dependent upon the entry parameter.
The learn parameter specifies if the filter being added should be counted and
used as a learned MAC address for intrusion detection. Learned filters are not
totally static, and can be lost if the learning process is stopped by setting the
learn parameter to zero (see the set switch port command).