Hardware ACLs and QoS Classifications, Classifying Your Traffic, Security ACLs – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT, x310-26FP, x310-50FT, x310-50FP) User Manual
Access Control Lists Introduction
Software Reference for x310 Series Switches
AlliedWare Plus™ Operating System - Version 5.4.4C
C613-50046-01 REV A
Hardware ACLs and QoS classifications
Interface ACLs and QoS policies can both be attached to the same port. Where this is
done, packets received on the port will be matched against the ACLs first.
Both interface ACLs and QoS classifications work by taking the first matching
filter and applying the action defined for that filter. All subsequent matches in the table
are then ignored. Because ACLs are matched first, if the matching ACL has a
permit action, the packet is forwarded by that rule's action and any subsequent QoS
rules are bypassed.
You can also apply permit rules using QoS.
For example, you might want to permit a source IP address of 192.168.1.x, but block
everything else on 192.168.x.x.
In this case you could create both the permit and deny rules using QoS.
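The first-match behaviour described above can be checked with a small model before a policy is committed to a switch. The following Python code is an added example, not Allied Telesis code or CLI syntax; the table layout, the function names and the sample 192.168.2.0/24 rule are assumptions made for illustration.

```python
# Added illustrative model of first-match filtering; not AlliedWare Plus code.
from ipaddress import ip_address, ip_network

def build_table(interface_acls, qos_filters):
    """One ordered table: interface ACL entries are matched ahead of QoS filters."""
    rows = [("acl", ip_network(net), action) for net, action in interface_acls]
    rows += [("qos", ip_network(net), action) for net, action in qos_filters]
    return rows

def classify(table, src):
    """Return (stage, action) of the first filter matching src; later rows are ignored."""
    addr = ip_address(src)
    for stage, net, action in table:
        if addr in net:
            return stage, action
    return None, "no-match"  # handling of unmatched packets is not modelled here

def shadowed(table):
    """List filters that can never fire because an earlier row already covers them."""
    dead = []
    for i, (stage, net, action) in enumerate(table):
        for e_stage, e_net, _ in table[:i]:
            if net.subnet_of(e_net):
                dead.append((stage, str(net), action, e_stage, str(e_net)))
                break
    return dead

# Constructed sample policies built around the 192.168.1.x / 192.168.x.x example.
# Permit and deny both placed in QoS, specific rule first (the intended policy):
QOS_ONLY = build_table([], [("192.168.1.0/24", "permit"), ("192.168.0.0/16", "deny")])
# Same rules in the wrong order: the broad deny wins and the permit is dead.
QOS_REVERSED = build_table([], [("192.168.0.0/16", "deny"), ("192.168.1.0/24", "permit")])
# A broad interface ACL permit bypasses a later QoS deny (hypothetical 192.168.2.0/24 rule).
ACL_SHADOWS_QOS = build_table([("192.168.0.0/16", "permit")], [("192.168.2.0/24", "deny")])

if __name__ == "__main__":
    policies = {"QOS_ONLY": QOS_ONLY, "QOS_REVERSED": QOS_REVERSED,
                "ACL_SHADOWS_QOS": ACL_SHADOWS_QOS}
    for name, table in policies.items():
        print(name)
        for src in ("192.168.1.10", "192.168.2.5", "192.168.7.10"):
            print("  ", src, "->", classify(table, src))
        for entry in shadowed(table):
            print("   unreachable filter:", entry)
```

Running the shadowing check over a planned rule set shows which deny rules would be silently bypassed by an earlier permit.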
Classifying Your Traffic
Classification is the process of filtering and marking. Filtering involves sorting your data
into appropriate traffic types. Marking involves tagging the data so that downstream ports
and routers can apply appropriate service policy rules.
There are two reasons to classify data:
1. To provide network security (Security ACLs)
2. To apply service quality criteria (QoS)
Security ACLs
The main application of security ACLs is to block undesired traffic. Other applications
include:
■ copy-to-cpu
■ copy-to-mirror
■ send-to-cpu
■ send-to-mirror