Data Sheet

ManualsBrandsIntel ManualsComputing & OfficeIntel Intel Ethernet Server Adapter I210-T1 - Network adapter 1 Gbps LAN (10/100/1000 Mbps), PCI-Express

631

632

633

634

635

636

637

638

639

640

System Manageability—Ethernet Controller I210

633

Some general rules apply:

• Fragmented packets are passed to manageability but not parsed beyond the IP header.

• Packets with L2 errors (CRC, alignment, etc.) are not forwarded to the MC.

• Packets longer than 2KB are filtered out.

The following sections describe the manageability filtering, followed by the final filtering rules.

The filtering rules are created by programming the decision filters as described in Section 10.3.4.

10.3.2 L2 Filters

10.3.2.1 MAC and VLAN Filters

The manageability MAC filters allow comparison of the Destination MAC address to one of 4 filters

defined in the MMAH and MMAL registers.

The VLAN filters allow comparison of the 12 bit VLAN tag to one of 8 filters defined in the MAVTV

registers.

10.3.2.2 EtherType Filters

Manageability L2 EtherType filters allow filtering of received packets based on the Layer 2 EtherType

field. The L2 type field of incoming packets is compared against the EtherType filters programmed in

the Manageability EtherType Filter (METF; up to 4 filters); the result is incorporated into decision filters.

Each Manageability EtherType filter can be configured as pass (positive) or reject (negative) using a

polarity bit. In order for the reverse polarity mode to be effective and block certain type of packets, the

EtherType filter should be part of all the enabled decision filters.

An example for usage of L2 EtherType filters is to determine the destination of 802.1X control packets.

The 802.1X protocol is executed at different times in either the management controller or by the Host.

L2 EtherType filters are used to route these packets to the proper agent.

In addition to the flexible EtherType filters, the I210 supports 2 fixed EtherType filters used to block NC-

SI control traffic (0x88F8) and flow control traffic (0x8808) from reaching the manageability interface.

The NC-SI EtherType is used for communication between the management controller on the NC-SI link

and the I210. Packets coming from the network are not expected to carry this EtherType and such

packets are blocked to prevent attacks on the management controller. Flow control packets should be

consumed by the MAC and as such are not expected to be forwarded to the management interface.

Note: In order to get meaningful filtering of Ethertype packets, negative filters should be in the AND

section. If more than one positive Ethertype filter is needed, then they should be set in the

OR section. A single positive Ethertype filter may be enabled both in the AND or in OR

section.

10.3.3 L3/L4 Filtering

The manageability filtering stage combines checks done at previous stages with additional L3/L4 checks

to make a the decision on whether to route a packet to the MC. The following sections describe the

manageability filtering done at layers L3/L4 and final filtering rules.