AM263Px INDUSTRIAL COMMUNICATIONS SDK  10.02.00
ICSS EtherNet/IP VLAN Filter Design

Table of Contents

Introduction

The VLAN Filter support in the Receive (Rx) path provides a robust and flexible way to filter the incoming traffic to the host processor. The EtherNet/IP FWHAL provides a set of APIs that allow flexibility in configuring the filtering rules. Based on the configuration, only the allowed packets are sent to the host processor. This enables precise control over the network traffic, allowing for improved network security and performance.

Important Notes

  1. The VLAN Filter feature is only supported on the receive (Rx) path and controls the traffic flow to the host processor.
  2. Nested VLAN Tags are not supported - it is assumed only one VLAN tag will be present in the packet.
  3. The VLAN tag is not modified or removed in the firmware - the host processor receives the packet with the VLAN tag intact, if sent to the host.

Implementation Details

VLAN Filter Table

The VLAN Filter table is a 512-byte table that stores the VLAN IDs (VIDs) that are allowed or blocked. The table is divided into 4096 bits, with each bit corresponding to a specific VID. The table is used to determine whether a packet should be allowed or blocked based on its VID.

When the VLAN Filter is disabled, the following forwarding rules are used to handle the packets.

Packet Type Forwarding Mode
Broadcast Cut through and Forward to Host
Multicast Cut through and Forward to Host
Multicast frames like PTP/DLR are handled based on protocol
Unicast (not to Host) Cut through
Unicast (to Host) Forward to Host

However, when the VLAN Filter is enabled, the VLAN Filter Table is used to determine whether an incoming packet will be received by the host. If the VLAN Filter Table bit corresponding to the VID in the VLAN Tag of the packet received is:

  • 0, then the host reception of the frames is disabled
  • 1, then the host reception of the frames is enabled

To enable/disable the VLAN Filtering feature, the following API can be used : EIP_configureVlanFilter.

To configure a VID in the VLAN Filter table, the following API can be used : EIP_configureVidRx.

VLAN Filter Table Update Mechanism

Since each VID maps to a bit in the VLAN Filter Table, we need to compute the corresponding byte and bit as follows.

  • To find the byte (byte_lookup) from the VID : byte_lookup = (VID/8)
  • To find the bit (bit_lookup) in the byte_lookup : bit_lookup = (VID & 0x07)

For example, in order to configure the VID 150 in the VLAN Filter table:

byte_lookup = (150/8) = 18

bit_lookup = (150 & 0x07) = 6

Therefore, the bit 6 of the byte 18 is set or cleared in the VLAN Filter Table.

Special Handling of Frames

Untagged Frames

  • If the VLAN Filtering feature is disabled, host reception for the untagged frames is allowed.
  • If the VLAN Filtering feature is enabled, the behavior depends on the Untagged Frames Control bit.
    • If the bit is 0, host reception is enabled.
    • If the bit is 1, host reception is disabled.
  • This behavior can be configured using the EIP_configureUntaggedFrameRx API
  • NOTE: Bit value 0 is being used for host reception enable to maintain the backward compatibility.

Priority Tagged Frames (VID = 0)

  • If the VLAN Filtering feature is disabled, host reception for the priority tagged frames is allowed.
  • If the VLAN Filtering feature is enabled, the behavior depends on the Priority Tagged Frames Control bit.
    • If the bit is 0, host reception is enabled.
    • If the bit is 1, host reception is disabled.
  • This behavior can be configured using the EIP_configurePriorityTaggedFrameRx API
  • NOTE: Bit value 0 is being used for host reception enable to maintain the backward compatibility.

Firmware Details

In the EtherNet/IP firmware, the VID is fetched from the packet and used for looking-up the required bit in the VLAN Filter Table. If the selected bit is 0, then the frame is not sent to the host processor; while if the selected bit is 1, then the frame is sent to the host processor.

It uses the same lookup mechanism as explained in the "VLAN Filter Table Update Mechanism" section, i.e., we need to compute the corresponding byte and bit as follows.

  • To find the byte (byte_lookup) from the VID : byte_lookup = (VID/8)
  • To find the bit (bit_lookup) in the byte_lookup : bit_lookup = (VID & 0x07)

Flowchart

EtherNet/IP VLAN Filter Flowchart