Allows to select packets filtering mode. "[-]" – cancels the parameter's action. The MAC filter algorithm consists of two steps:
- The filter searches for the MAC address in the table.
- If the MAC address is found, the IP address matching check is performed.
- "strict" – enables strict filtering mode. In this mode all packets received from units not described in the mapping table are discarded. By default "strict" mode is disabled.
Warning |
---|
|
If you are remotely configuring a router using telnet, make sure, when enabling the strict mode, that your own workstation is already added correctly in the mapping table. Otherwise you lose control over the router, and disabling the strict mode will be only possible through the router's diagnostics port. |
- "reverse" – swaps the processing steps: first, an IP address is searched, then the MAC addresses are compared.
- "simple" – only the first step of the above algorithm is executed. If the address is found in the mapping table, then the packet is normally handled by the router. Otherwise, the packet will be discarded, regardless of whether the "strict" option is enabled or not (the second address is not checked).
- "dhcp" – in this modemacf filter is automatically supplemented with addresses issued by local DHCP server. These records are not stored in a permanent configuration and work until the given address is deleted by DHCP server.
- "quiet" – switches off logging to the system log. If the network packet is discarded by a filter, this fact is logged. To reduce the number of registrated packages, only the first attempt from the similar packets group is logged.
If there is an intermediate router between the subscriber terminal and the local network, "reverse strict" or "reverse simple" can be used with all valid workstations IP addresses, and the intermediate router MAC address.
In case, the several local networks are connected to the subscriber terminal, separated by intermediate routers, it is possible to use "simple" or "reverse strict" with intermediate routers MAC addresses.
Note |
---|
|
In many cases, this problem can be solved easier by using the "arp" command. |