Allied Telesis AT-S63 User Manual

Page 324

Chapter 18: Access Control List Commands

Section II: Advanced Operations

Modes

For the ACCESS-LIST commands:

Configure mode

For the SERVICE-POLICY ACCESS commands:

Port Interface mode

Description

As explained in the AT-S63 Management Software Features Guide, an
access control list has two parts. There is the classifier, which defines the
traffic flow, and the access control list itself, which defines the action that
the ports should take when they receive packets that are members of the
defined traffic flow.

The AlliedWare Plus commands handle these elements very differently from
the other management interfaces. These differences, which are explained
here, should be taken into account when deciding whether to use the
AlliedWare Plus commands or the other management interfaces to manage
this feature.

The classifiers and the access control lists are considered as separate
elements by the other management interfaces — the menus, the web
browser windows, and the standard command line. To manage this
feature with one of these interfaces, you first have to create the classifiers
that define the traffic flows you want to control, and then the access
control lists that define whether the ports accept or reject the packets of
the defined flows.

In contrast, the AlliedWare Plus commands consider an access control list
and its classifier as a single unit. You create both at the same time with the
ACCESS-LIST commands.

Another difference is how you define the traffic flows. With the other
management interfaces, you define the traffic flows by selecting the
desired criteria when you create the classifiers.

With the AlliedWare Plus commands, the traffic flows are defined by the ID
numbers, which are divided into ranges, with each range representing a
different criterion. The ID number tells the AlliedWare Plus commands the
intended traffic flow of an access control list. For instance, to filter on
source IP addresses, you would select an ID number in the range of 1 to
99. To filter ICMP packets, you would select an ID number in the
range of 156 to 199.

If you look at the description of “CREATE CLASSIFIER” on page 310,
you’ll see that classifiers have quite a few criteria for you to choose from in
defining traffic flows. But most of the criteria are not available to you when
