Config Router

You are here: Home / Cisco / Protocol Filtering

Protocol Filtering

by

Protocol Filtering

A switch forwards traffic within a broadcast domain based upon the destination MAC address. The switch filters, forwards, or floods the frame depending upon whether or not the switch knows about the destination in its address table. The switch normally does not look at any Layer 3 information (or Layer 2 protocol type) to decide how to treat the frame. (MLS and MPOA are exceptions). Refer to Figure 5-21 for another example of the Catalyst blocking traffic based upon the protocol.

Figure 5-21. Protocol Filtering
protocol-filtering-5.21

If Station A in Figure 5-21 sends a frame to Station B, the switch forwards the frame, even if Station B does not share the same Layer 3 protocol as Station A. This is an unusual situation. Suppose, however, that the VLAN contains stations with a mix of protocols in use. Some stations use IP, some use IPX, and others might even have a mix of protocols. If a switch needs to flood an IP frame, it floods it out all ports in the VLAN, even if the attached station does not support the frame’s protocol. This is the nature of a broadcast domain.

A Catalyst 5000 equipped with a NetFlow Feature Card and a Supervisor III engine, as well as many other Catalysts, can override this behavior with protocol filtering. Protocol filtering works on Ethernet, Fast Ethernet, or Gigabit Ethernet non-trunking interfaces. Protocol filtering prevents the Catalyst from flooding frames from a protocol if there are no stations on the destination port that use that protocol. For example, if you have a VLAN with a mix of IP and IPX protocols, any flooded traffic appears on all ports in the VLAN. Protocol filtering prevents the Catalyst from flooding traffic from a protocol if the destination port does not use that protocol. The Catalyst listens for active protocols on an interface.

Only when it sees an active protocol does it flood traffic from that protocol. In Figure 5-21, there is a mix of protocols in the VLAN. Some of the stations in the network support only one protocol, either IP or IPX. Some of the stations support both. The Catalyst learns that Station A uses IP, Station B uses IPX, and Station C uses both by examining the Layer 2 protocol type value. When Station A creates an IP broadcast, Station B does not see the frame, only Station C. Likewise, if Station B creates a frame for the switch to flood, the frame does not appear on Station A’s interface because this is an IP-only interface.

The Catalyst enables and disables protocols in groups. They are the following:

  • IP
  • IPX
  • AppleTalk, DECnet, and Vines
  • All others