Allied Telesis AT-S63 User Manual
Page 350

Chapter 19: Access Control List Commands
350
Section II: Advanced Operations
Modes
For the ACCESS-LIST commands:
Configure mode
For the SERVICE-POLICY ACCESS commands:
Port Interface mode
Description
As explained in the AT-S63 Management Software Features Guide, an 
access control list has two parts. There is the classifier, which defines the 
traffic flow, and the access control list itself, which defines the action that 
the ports should take when they receive packets that are members of the 
defined traffic flow.
The AlliedWare Plus commands handle these elements in very different 
ways than the other management interfaces. These differences, which are 
explained here, should be taken into account when deciding whether to 
use the AlliedWare Plus commands or the other management interfaces 
to manage this feature.
The classifiers and the access control lists are considered as separate 
elements by the other management interfaces — the menus, the web 
browser windows, and the standard command line. To manage this 
feature with one of these interfaces, you first have to create the classifiers 
that define the traffic flows you want to control, and then the access 
control lists that define whether the ports accept or reject the packets of 
the defined flows.
In contrast, the AlliedWare Plus commands consider an access control list 
and its classifier as a single unit. You create both at the same time with the 
ACCESS-LIST commands.
Another difference is how you define the traffic flows. With the other 
management interfaces, you define the traffic flows by selecting the 
desired criteria when you create the classifiers.
With the AlliedWare Plus commands the traffic flows are defined by the ID 
numbers, which are divided into ranges, with each range representing a 
different criterion. The ID number tells the AlliedWare Plus commands the 
intended traffic flow of an access control list. For instance, to filter on 
source IP addresses, you would select an ID number in the range of 1 to 
99. Or, for a filter of ICMP packets, you would select an ID number in the 
range of 156 to 199.
If you look at the description of “CREATE CLASSIFIER” on page 336, 
you’ll see that classifiers have quite a few criteria for you to choose from in 
defining traffic flows. But most of the criteria are not available to you when 
