ZyXEL Communications VES-1616 manual Classifier & Policy rule setup on your Switch

Page 103

ZyXEL

VES-1616/24FA-5x Series Support Notes

After the configuration, the port is authenticated and the computer connected to this port is allowed to access the network. Otherwise, the computer cannot access the network.

Classifier & Policy rule setup on your Switch

This section shows you how to allow traffic from certain IP addresses and deny others. This can be done easily using classifier and policy rules.

First, you need to create a classifier rule to group traffic into data flows based on information such as the source address, destination address, port number and packet format. In this example, we group traffic based on the packet format and set the VES-1616F-3X to apply its policy rules. The following lists the three classifier rules that we will define in this example:

1.Packet with a source IP address of 192.168.1.20

2.Packets on port 2

3.ARP traffic for testing

Once packet classification settings are done, we create policy rules to specify the actions on the matched packets so they get the deserved treatment in the network. Here, we also define three policy rules.

1.Forward traffic from 192.168.1.20 only (on the first classifier)

2.Discard all the traffic from port 2 (on the second classifier)

3.Forward ARP packets (on the third classifier)

All contents copyright 2008 ZyXEL Communications Corporation.

102

Image 103
Contents VES-1616/24FA-5x Series Vdsl Switch ZyXEL VES-1616/24FA-5x Series Support Notes Classifier & Policy rule setup on your Switch Firmware Upgrade Switch Management and MaintenanceRestore a Configuration File ZyXEL Backing Up a Configuration File Load Factory Defaults Dhcp Relay Option 82 Application General NetworkingNetwork Port Dhcp Server Dhcp Client Switch settingsIP Commander setup ZyXEL ZyXEL ZyXEL Enter a name and description for the new rule ZyXEL Next select Dhcp Option in the Keywords field An Add Dhcp Option Rule screen displays ZyXEL Click Next in the screen that displays ZyXEL ZyXEL You can choose to enable Ddns service on the Dhcp server Click Finish to complete the rule creation Separating a physical network into multiple Virtual networks Case Port-based Vlan definition Port-based Vlan across multiple switches ZyXEL PC Z ZyXEL ZyXEL Configuring the Switch Using the CLI Tag-based Vlan Overview ZyXEL Forwarding Process Ingress ProcessVID Vlan ID Egress Process VEES-1616/24FA-5x Series Support Notes Answer ZyXEL Configuration screen for switch 2 is shown as follows ZyXEL ZyXEL Company XX branch Company YY branch Vlan Stacking OverviewSwitch D Switch aSwitch B Switch CSwitch H ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL Network Scenario ZyXEL ZyXEL ZyXEL ZyXEL Igmp IP Multicasting Configuring Igmp snooping in your switchCPE ZyXEL Overview of MVR Dynamic Mode Immediate Leave Operation Compatible modeJoin Operation Leave OperationConfiguration via Web ZyXEL ZyXEL ZyXEL ZyXEL VES-1616FA-54config# vlan Setting, and activate the Igmp SnoopingVES-1616FA-54config#igmpsnooping VES-1616FA-54config-vlan# fixedVlan ID Triple play ApplicationZyXEL ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL ZyXEL Vlan ID ZyXEL ZyXEL ZyXEL Broadcast storm Filtering Database Instability Select a root bridge Select a designated port on each segment ZyXEL Switching security MAC Limit ZyXEL Setting up 802.1x Radius Authentication ZyXEL ZyXEL ZyXEL Classifier & Policy rule setup on your Switch ZyXEL ZyXEL Centralized Management Introduction to SNMPc and NetAtlas System Architecture EMS Overview Adding a new device in SNMPc Map Object Properties Read/Write Access Mode Read/write Community Device Selection Rootmap FAQ ZyXEL Using the Web Configurator ZyXEL