Configuring Layer 3 Protocol Filtering
You can configure a Layer 2 LAN port with any one of these modes for each protocol group: on, off, or
auto. If the configuration is set to on, the port allows all traffic for that protocol. If the configuration is
set to off, the port does not allow any traffic for that protocol.
If the configuration is set to auto, the Layer 2 LAN port initially does not allow any flood traffic to be
transmitted from the port. After a packet is received on that port, the port will transmit traffic for that
protocol group. Once in this state, the port reverts back to allowing flood traffic to be transmitted if no
packets for that protocol have been received for 60 minutes. Layer 2 LAN ports are also removed from
the protocol group when the supervisor engine detects that the link is down on the port.
If a host that supports both IP and IPX is connected to a Layer 2 LAN port configured as auto for IPX,
but the host is transmitting only IP traffic, the port to which the host is connected will not transmit any
flooded IPX traffic. However, if the host sends an IPX packet, the supervisor engine software detects the
protocol traffic and the port begins transmitting flooded IPX traffic. If the host stops sending IPX traffic
for more than 60 minutes, the port stops transmitting flooded IPX traffic.
By default, Layer 2 LAN ports are configured to on for all protocol groups. Typically, you should only
configure a Layer 2 LAN port to auto for IP if an end station is directly connected to the port.
Protocol filters are configured according to groups of protocols, not specific protocols. There are four
groups of protocols defined:
•
•
•
•
Configuring Layer 3 Protocol Filtering
These sections describe how to configure Layer 3 protocol filtering on Ethernet-type VLANs and on any
type of Layer 2 LAN port:
•
•
•
Note
With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level
commands by entering the do keyword before the EXEC mode-level command.
Enabling Layer 3 Protocol Filtering
To enable Layer 3 protocol filtering globally, perform this task:
Command
Router(config)# protocol-filter
Router(config)# no protocol-filter
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
27-2
IP
IPX
AppleTalk, DECnet, and Banyan VINES ("group")
Packets not belonging to any of these protocols ("other")
Enabling Layer 3 Protocol Filtering, page 27-2
Configuring Layer 3 Protocol Filtering on a Layer 2 LAN Interface, page 27-3
Verifying Layer 3 Protocol Filtering Configuration, page 27-3
Chapter 27
Configuring Layer 3 Protocol Filtering on Supervisor Engine 1
Purpose
Enables Layer 3 protocol filtering globally.
Disables Layer 3 protocol filtering globally.
78-14064-04