
Upgrading Routers from Version 5 to Version 10.0
A-6
Filter Precedence Reversed in Version 10.0
In Version 5, you could use precedence to override a “drop” filter with an “accept”
filter. The same is true in Version 10.0, but the precedence levels have been
reversed numerically (1 = highest precedence; 31 = lowest precedence).
Site Manager requires you to define filters starting with the highest-precedence
(lowest-numbered) filter, and ending with the lowest-precedence (highest-
numbered) filter. For this reason, design the entire combined filtering scheme for
an interface first, then enter each filter, beginning with No. 1, the highest-
precedence filter.
Router Performance
If possible, use a strategy that accomplishes your filtering goals mainly with drop
filters, since these result in more efficient router performance.
Example of Version 10.0 Filtering on a Circuit
The following example (Table A-2) uses one drop-all filter and one accept filter
with two specific values. The result of the combination of these filters on a single
circuit is that all inbound packets bearing an address from 192.32.25.00 to
192.32.28.255 are dropped, except for packets addressed for destinations
192.32.28.55 and 192.32.28.70.
Table A-2. Version 10.0 Filtering on a Circuit
Filter Type
Filter Precedence
Level
Filter Number Start of Range End of Range
Accept 1 (highest) 1 192.32.28.55 192.32.28.55
192.32.28.70 192.32.28.70
Drop 2 (lowest) 2 192.32.25.00 192.32.28.255
Comentarios a estos manuales