Troubleshooting guide
11-25
Cisco Broadband Local Integrated Services Solution Troubleshooting Guide
OL-5169-01
Chapter 11 Element Management and MIBs
Cisco uBR7246vxr MIBs
• Link Level Control Filtering group (docsDevFilterLLC)
LLC (Link Level Control) filters can be defined on an inclusive or exclusive basis: CMs can be
configured to forward only packets matching a set of layer three protocols, or to drop packets
matching a set of layer three protocols. Typical use of these filters is to filter out possibly harmful
protocols.
–
Link Level Control Filter table contains a list of filters to apply to (bridged) LLC traffic. The
filters in this table are applied to incoming traffic on the appropriate interface(s) prior to any
further processing (e.g. before handing the packet off for level 3 processing, or for bridging).
The specific action taken when no filter is matched is controlled by
docsDevFilterLLCUnmatchedAction.
–
Filter IP table (docsDevFilterIp) contains an ordered list of filters or classifiers to apply to IP
traffic. Filter application is ordered by the filter index, rather than by a best match algorithm
(Note that this implies that the filter table may have gaps in the index values). Packets which
match no filters will have policy 0 in the docsDevFilterPolicyTable applied to them if it exists.
Otherwise, Packets which match no filters are discarded or forwarded according to the setting
of docsDevFilterIpDefault.
Any IP packet can theoretically match multiple rows of this table. When considering a packet,
the table is scanned in row index order (e.g. filter 10 is checked before filter 20). If the packet
matches that filter (which means that it matches ALL criteria for that row), actions appropriate
to docsDevFilterIpControl and docsDevFilterPolicyId are taken. If the packet was discarded
processing is complete. If docsDevFilterIpContinue is set to true, the filter comparison
continues with the next row in the table looking for additional matches.
If the packet matches no filter in the table, the packet is accepted or dropped for further
processing based on the setting of docsDevFilterIpDefault. If the packet is accepted, the actions
specified by policy group 0 (e.g. the rows in docsDevFilterPolicyTable which have a value of 0
for docsDevFilterPolicyId) are taken if that policy group exists.
Logically, this table is consulted twice during the processing of any IP packet - once upon its
acceptance from the L2 entity, and once upon its transmission to the L2 entity. In actuality, for
MTAs, IP filtering is generally the only IP processing done for transit traffic. This means that
inbound and outbound filtering can generally be done at the same time with one pass through
the filter table.
Entries in this table describe a filter to apply to IP traffic received on a specified interface. All
identity objects in this table (e.g. source and destination address/mask, protocol, source/dest
port, TOS/mask, interface and direction) must match their respective fields in the packet for any
given filter to match. To create an entry in this table, docsDevFilterIpIfIndex must be specified.
–
The Filter Polity Table maps between a policy group ID and a set of policies to be applied. All
rows with the same docsDevFilterPolicyId are part of the same policy group and are applied in
the order in which they are in this table.
docsDevFilterPolicyTable exists to allow multiple policy actions to be applied to any given
classified packet. The policy actions are applied in index order For example:
Index ID Type Action
11TOS1
95TOS1
12 1 IPSEC 3