beautypg.com

Overview – Allied Telesis AT-S101 User Manual

Page 186

background image

Chapter 18: Classifiers

186

Overview

A classifier defines a traffic flow which consists of packets that share one
or more characteristics. You can define a traffic flow can broadly or
narrowly. An example of the a broad definition is all IP traffic while an
example of a narrow definition is packets with specified source and
destination MAC addresses.

A classifier contains a set of criteria for defining a traffic flow. Examples of
the variables include source and destination MAC addresses, source and
destination IP addresses, IP protocols, source and destination TCP and
UDP ports numbers, and so on. You can also specify more than one
criteria within a classifier to make the definition of the traffic flow more
specific. Some of the variables you can mix-and-match, but there are
restrictions, as explained later in this section in the descriptions of the
individual variables.

By itself, a classifier does not perform any action or produce any result
because it lacks instructions on what a port should do when it receives a
packet that belongs to the defined traffic flow. Rather, the action is
established outside the classifier. As a result, you never use a classifier by
itself.

The switch uses classifiers to help define Access Control Policies (ACP).

An ACP filters ingress packets on a port by controlling which packets a
port accepts and rejects. You can use this feature to improve the security
of your switch or enhance switch performance by changing the
precedence.

When you create an ACP you must specify the traffic flow you want the
ACP to control. You do that by creating one or more classifiers and adding
the classifiers to the ACP. The action that the port takes when an ingress
packet matches the traffic flow specified by a classifier is contained in the
ACP itself. The action is to either accept packets of the traffic flow or
discard them.

In summary, a classifier is a list of variables that define a traffic flow. ACP
uses a classifier to determine which packets it will manipulate.

See also other documents in the category Allied Telesis Computer hardware: