Configuring a multicast or protocol traffic filter

Syntax:


filter
no filter
[multicast <mac-address>]

Specifies a multicast address. Inbound traffic received (on any port) with this multicast address will be filtered. (Default: Forward on all ports.)

The no form of the command deletes the multicast filter for the <mac-address> multicast address and returns the destination ports for that filter to the Forward action.

[<forward|drop> <port-list>]

Specifies whether the designated destination port(s) should forward or drop the filtered traffic.

[protocol <ip|ipx|arp|appletalk|sna|netbeui>]

Specifies a protocol type. Traffic received (on any port) with this protocol type will be filtered. (Default: Forward on all ports.)

The no form of the command deletes the protocol filter for the specified protocol and returns the destination ports for that filter to the Forwardaction.

[<forward|drop> <port-list>]

Specifies whether the designated destination port(s) should forward or drop the filtered traffic.

Example:

Suppose you wanted to configure the filters in the following table on a switch. (For more on source-port filters, see Configuring a source-port traffic filter.
Filter example

Filter type

Filter value

Action

Destination ports

source-port

Inbound ports: 1, 2

Drop

1-4

multicast

010000-123456

Drop

5-8, 9-12

multicast

010000-224466

Drop

13-15

protocol

Appletalk

Drop

16-19, 1

protocol

ARP

Drop

22, 23-24

The following commands configure the filters listed above:

Configuring various traffic/security filters

switch(config)# filter source-port 1 drop e 1-4
switch(config)# filter source-port 2 drop 1-4
switch(config)# filter multicast 010000-123456 drop e 5-8,9-12
switch(config)# filter multicast 010000-224466 drop e 13-15
switch(config)# filter protocol appletalk drop e 16-19,1
switch(config)# filter protocol arp drop e 22,23-24