
Allied Telesis AT-S63 User Manual

Page 351


AT-S63 Management Software Command Line User’s Guide

Section II: Advanced Operations


you manage this feature with the AlliedWare Plus commands. You are
limited to these four criteria:

Source IP addresses

Destination IP addresses

IP protocols

Source MAC addresses

If you are interested in controlling only these flow groups, then you can use
the ACCESS-LIST commands to create the access control lists. But if you
need to control other flow groups, you’ll have to use a different
management interface.

Access control lists are not the only feature that uses classifiers. Flow
groups, which are part of the Quality of Service (QoS) policies, also use
them to identify the traffic flows the policies should control. In some
situations, you might want access control lists and flow groups to share the
same classifier to filter the same traffic. This is possible with the other
management interfaces, because you create and manage the classifiers
separately from the access control lists and the traffic flows.

But the same isn’t true with the AlliedWare Plus commands. Since these
commands consider a classifier inseparable from its flow group or access
control list, you can’t apply the same classifier to more than one flow group
or access control list.

Examples

This example configures ports 2 and 4 to accept traffic only from nodes
that have source IP addresses in the 149.22.124.0 subnet. The permitted
traffic is defined in the classifier and the access control list that are
assigned ID number 10. All the other traffic is denied in the classifier and
the access control list that are assigned the ID number 30:

awplus> enable
awplus# configure terminal
awplus(config)# access-list 10 permit 149.22.124.0/24
awplus(config)# access-list 30 deny any
awplus(config)# interface 2,4
awplus(config-if)# service-policy access 10
awplus(config-if)# service-policy access 30

This example configures port 11 to reject TCP traffic:

awplus> enable
awplus# configure terminal
awplus(config)# access-list 170 deny tcp
awplus(config)# interface 11
awplus(config-if)# service-policy access 170
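
The effect of the two examples above can be checked offline before the commands are entered on a switch. The following Python model is an added example, not code from this manual or from Allied Telesis; it parses only the command forms shown on this page. It assumes that a matching permit list overrides a matching deny list and that traffic matching no list is forwarded; the function names and test packets are constructed for illustration.

```python
import ipaddress

# Constructed input: the commands from the two examples above, prompts stripped.
SAMPLE_CONFIG = """\
access-list 10 permit 149.22.124.0/24
access-list 30 deny any
access-list 170 deny tcp
interface 2,4
service-policy access 10
service-policy access 30
interface 11
service-policy access 170
"""

def parse_config(text):
    """Return (acls, ports): ACL ID -> (action, criterion), port -> [ACL IDs]."""
    acls, ports, current = {}, {}, []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "access-list" and len(words) == 4:
            acls[int(words[1])] = (words[2], words[3])
        elif words[0] == "interface" and len(words) == 2:
            current = [int(p) for p in words[1].split(",")]
        elif words[:2] == ["service-policy", "access"] and len(words) == 3:
            if int(words[2]) not in acls:
                raise ValueError(f"undefined access list: {line}")
            for port in current:
                ports.setdefault(port, []).append(int(words[2]))
        else:
            raise ValueError(f"unsupported command: {line}")
    return acls, ports

def matches(criterion, src_ip, protocol):
    if criterion == "any":
        return True
    if "/" in criterion:  # source subnet, as in access list 10
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(criterion, strict=False)
    return criterion == protocol  # protocol keyword, as in access list 170

def accepts(acls, ports, port, src_ip, protocol):
    """Assumption: a matching permit overrides a matching deny; no match forwards."""
    hits = [acls[i][0] for i in ports.get(port, []) if matches(acls[i][1], src_ip, protocol)]
    if "permit" in hits:
        return True
    return "deny" not in hits
```

Parsing fails with a ValueError when a service-policy line names an access list that was never defined, which catches a mistyped ID before it leaves a port unfiltered.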