Step 1
| On the
Configure Filters tab, click the
Edit button next to the
Name of the filter that you want to edit.
|
Step 2
| In the
Edit
Filter dialog box, edit the following fields:
Name
|
Description
|
Name
field
|
The
name of the filter. The name can contain between 1 and 256 alphanumeric
characters including the following special characters: underscore ("_"), hyphen
("-"), plus ("+"), equals ("="), open parenthesis ("("), closed parenthesis
(")"), vertical bar ("|"), period ("."), or at sign ("@").
Note
|
The
name cannot be changed once you have saved it.
|
|
Bidirectional check box
|
Check
this box if you want the filter to capture traffic information from a source
IP, source port, or source MAC address to a destination IP, destination port,
or destination MAC address, and from a destination IP, destination port, or
destination MAC to a source IP, source port, or source MAC address.
|
|
Step 3
| In the
Layer
2 section of the
Edit
Filter dialog box, complete the following fields:
|
|
Ethernet Type field
|
Required. The Ethernet type of the Layer 2 traffic. The default
value displayed is IPv4, or you can choose one of the following:
-
IPv6
-
ARP
-
LLDP
-
Predefined EtherTypes
-
All EtherTypes
-
Enter Ethernet Type—If you choose Enter Ethernet Type as the
type, enter the Ethernet type in hexadecimal format.
If you choose Predefined
EtherTypes, all predefined Ethernet types contained in the config.in file are
associated with the rule, and you should not configure any other parameters.
Note
|
You can now configure more than 1 user-defined Ethernet type per
filter. You can apply an arbitrary number of Ethernet types that are separated
by "," so that a single filter can be setup for the different traffic types.
|
|
VLAN Identification Number field
|
The
VLAN ID for the Layer 2 traffic. You can enter a single VLAN ID, a range of
VLAN ID values, or comma-separated VLAN ID values and VLAN ID ranges, for
example, 1-4,6,8,9-12.
Note
|
For
NX-API, a VLAN ID with Layer 3 address is not supported. If a VLAN ID with
Layer 3 address is configured, it results in the inconsistent flows. You have
to troubleshoot and fix the flows.
|
|
VLAN Priority field
|
The
VLAN priority for the Layer 2 traffic.
|
Source MAC Address field
|
The
source MAC address of the Layer 2 traffic.
|
Destination MAC Address field
|
The
destination MAC address of the Layer 2 traffic.
|
|
Step 4
| In the
Layer
3 section of the
Edit
Filter dialog box, complete the following fields:
Name
|
Description
|
Source IP Address field
|
The
source IP address of the Layer 3 traffic. This can be one of the following:
-
The host IP address, for example, 10.10.10.10
-
Discontiguous source IP address, for example, 10.10.10.10,
10.10.10.11, 10.10.10.12
-
An IPv4 address range, for example, 10.10.10.10-10.10.10.15
-
An IPv4 subnet, for example, 10.1.1.0/24
-
The host IP address in IPv6 format, for example, 2001::0
Note
|
-
You cannot enter a range of IPv6 addresses in the
Source IP Address field.
-
If you configure a range of Layer 3 source IP addresses, you
cannot configure ranges of Layer 4 source or destination ports.
-
If you configure a range of Layer 3 source IP addresses, you
cannot configure ranges of Layer 2 VLAN identifiers.
|
|
Destination IP Address field
|
The
destination IP address of the Layer 3 traffic. This can be one of the
following:
-
The host IP address, for example, 10.10.10.11
-
An IPv4 address range, for example, 10.10.10.11-10.10.10.18
-
An IPv4 subnet, for example, 10.1.1.0/24
-
The host IP address in IPv6 format, for example, 2001::4
-
The subnet, for example, 10.0.0.0/25
Note
|
-
You cannot enter a range of IPv6 addresses in the Destination IP
Address field.
-
If you configure a range of Layer 3 source IP addresses, you
cannot configure ranges of Layer 4 source or destination ports.
-
If you configure a range of Layer 3 source IP addresses, you
cannot configure ranges of Layer 2 VLAN identifiers.
|
|
Protocol drop-down list
|
Choose the Internet protocol of the Layer 3 traffic. This can be
one of the following:
-
ICMP
-
TCP
-
UDP
-
Enter Protocol
If you choose Enter Protocol as the type, enter the
protocol number in decimal format.
|
ToS Bits field
|
The
Type of Service (ToS) bits in the IP header of the Layer 3 traffic. Only the
Differentiated Services Code Point (DSCP) values are used.
|
|
Step 5
| In the
Layer
4 section of the
Edit
Filter dialog box, complete the following fields:
Name
|
Description
|
Source Port drop-down list
|
Choose the
source port of the Layer 4 traffic. This can be one of the following:
Note
|
If
you configure a range of Layer 4 source ports, you cannot configure ranges of
Layer 3 IP source or destination addresses.
If you configure a range of Layer 4 source ports, you cannot configure ranges of Layer 2 VLAN identifiers.
|
|
Destination Port drop-down list
|
Choose the
destination port of the Layer 4 traffic. This can be one of the following:
Note
| If
you configure a range of Layer 4 destination ports, you cannot configure ranges of
Layer 3 IP source or destination addresses.
If you configure a range of Layer 4 destination ports, you cannot configure ranges of Layer 2 VLAN identifiers.
|
|
|
Step 6
| In the
Layer
7 section of the
Edit
Filter dialog box, complete the following fields:
Name
|
Description
|
HTTP Method field
|
You
can configure matching on the HTTP methods and redirect the traffic based on
that method. Select one or more methods to match within a single filter. This
option is available only when the destination port is HTTP or HTTPS.
-
Connect
-
Delete
-
Get
-
Head
-
Post
-
Put
-
Trace
Note
|
The TCP option length is enabled when you select any one of the
methods from Layer 7 traffic.
|
|
TCP Option Length field
|
You
can extend the filter configuration to specify the TCP option length in the
text box. The default value on the text box is 0. All methods within the filter
have the same option length.
Enter the TCP option length in a decimal format.
Note
|
The value on the text box should be in the multiples of 4 and it
can range from 0-40.
|
|
|
Step 7
| Click
Edit
Filter.
|