
QoS ACLs, Attaching hardware ACLs using QoS – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT, x310-26FP, x310-50FT, x310-50FP) User Manual


Access Control Lists Introduction

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.4C


For more information on these applications see “Actions for Hardware ACLs” on page 33.7

QoS ACLs

When using ACLs through QoS, the same classification and action abilities are available,
but QoS has some additional fields that it can match on (see Match Commands) and also
provides the ability to perform metering, marking and remarking on packets that match
the filter definitions.

The action used by a QoS class-map is determined by the ACL that is attached to it. If no
ACL is attached, it uses the permit action. If an ACL is not required by the class-map (for
example, only matching on the VLAN) and a deny action is required, a MAC ACL should be
added with any for source address and any for destination address.

The following example creates a class-map that will deny all traffic on vlan 2:

awplus(config)# access-list 4000 deny any any
awplus(config)# class-map cmap1
awplus(config-cmap)# match access-group 4000
awplus(config-cmap)# match vlan 2

The default class-map matches all traffic and so cannot have any match or ACL
commands applied to it. The action for this class-map is set via the default-action
command and is permit by default. It can be changed to deny by using the following
commands:

awplus(config)# policy-map pmap1
awplus(config-pmap)# default-action deny

For more information on applying QoS filtering, see “Classifying your Data” on page 38.8.

Attaching hardware ACLs using QoS

The same functionality can be achieved using QoS, by attaching the ACL to a class-map,
attaching the class-map to a policy-map and attaching the policy-map to a port:

Step 1: Enable QoS on the switch

awplus(config)# mls qos enable

Step 2: Create access lists

Create ACL 3000 to permit all packets from the 192.168.1 subnet:

awplus(config)# access-list 3000 permit ip 192.168.1.0/24 any

Create ACL 3001 to deny all packets from the 192.168.0 subnet:

awplus(config)# access-list 3001 deny ip 192.168.0.0/24 any
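The action rules from the QoS ACLs section (a class-map takes the action of its attached ACL, a class-map with no ACL permits, and the default class-map follows default-action, which is permit unless changed) can be checked offline against a saved configuration. The script below is an added example, not part of the manual or Allied Telesis code; the function name effective_actions, the sample listing (including ACL 3002 and class-maps cmap2 to cmap4) and the assumption that each numbered ACL holds a single entry are illustrative.

```python
import re

# Constructed sample listing; it uses only commands that appear on this page.
SAMPLE_CONFIG = """\
access-list 3000 permit ip 192.168.1.0/24 any
access-list 4000 deny any any
class-map cmap1
 match access-group 4000
 match vlan 2
class-map cmap2
 match vlan 3
class-map cmap3
 match access-group 3000
class-map cmap4
 match access-group 3002
policy-map pmap1
 default-action deny
policy-map pmap2
"""

def effective_actions(config):
    """Return ({class-map: (action, reason)}, {policy-map: default action})."""
    acl_action, cmap_acl, pmap_default = {}, {}, {}
    ctx = None  # (kind, name) of the class-map or policy-map being read
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"access-list (\S+) (\S+)", line):
            acl_action[m[1]], ctx = m[2], None
        elif m := re.match(r"class-map (\S+)", line):
            ctx = ("cmap", m[1])
            cmap_acl.setdefault(m[1], None)          # no ACL attached so far
        elif m := re.match(r"policy-map (\S+)", line):
            ctx = ("pmap", m[1])
            pmap_default.setdefault(m[1], "permit")  # permit unless changed
        elif ctx and ctx[0] == "cmap" and (m := re.match(r"match access-group (\S+)", line)):
            cmap_acl[ctx[1]] = m[1]
        elif ctx and ctx[0] == "pmap" and (m := re.match(r"default-action (\S+)", line)):
            pmap_default[ctx[1]] = m[1]
    result = {}
    for name, acl in cmap_acl.items():
        if acl is None:
            result[name] = ("permit", "no ACL attached")
        elif acl in acl_action:
            result[name] = (acl_action[acl], f"ACL {acl}")
        else:
            result[name] = ("unknown", f"ACL {acl} not defined in listing")
    return result, pmap_default

if __name__ == "__main__":
    cmaps, pmaps = effective_actions(SAMPLE_CONFIG)
    for name, (action, reason) in cmaps.items():
        print(f"class-map {name}: {action} ({reason})")
    for name, action in pmaps.items():
        print(f"policy-map {name}: default-action {action}")
```

Class-maps reported as permit with "no ACL attached" are the ones to review when a deny was intended, since matching on a VLAN alone does not block traffic.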