Allied Telesis X900-12XT/S, x908: Matching on TCP flag

Page 11

Making filters by using QoS class-maps

Matching on TCP flag

Unlike the other match commands, you can match on multiple TCP flags. The switch combines the specified flags by ANDing them together. To specify the multiple flags, either make multiple match tcp-flags commands or specify the flags in one command as a space-separated list. For example, the following series of commands will match on a packet that has all of ACK, SYN and FIN set:

awplus(config)#class-map tcp-flags

awplus(config-cmap)#match tcp-flags ack

awplus(config-cmap)#match tcp-flags syn

awplus(config-cmap)#match tcp-flags fin

So will the following single match command:

awplus(config)#class-map tcp-flags

awplus(config-cmap)#match tcp-flags ack syn fin

Note that QoS only checks that the specified flags are set, not that the other flags are not set. For example, the following commands will match on a packet that has both SYN and ACK set, as well as a packet that has SYN but not ACK set:

awplus(config)#class-map tcp-flags

awplus(config-cmap)#match tcp-flags syn

To drop packets with SYN only, but not with ACK and SYN, you could use the following two class-maps. Note that access-list 3000 is used to get a deny action. This example is explained fully in "Blocking TCP sessions in one direction" on page 17.

awplus(config)#access-list 3000 deny tcp any any

awplus(config)#class-map ack-syn-flags

awplus(config-cmap)#match tcp-flags ack syn

awplus(config-cmap)#class-map syn-flags

awplus(config-cmap)#match tcp-flags syn

awplus(config-cmap)#match access-group 3000

awplus(config-cmap)#policy-map flags

awplus(config-pmap)#class ack-syn-flags

awplus(config-pmap-c)#class syn-flags
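
The matching rules above can be checked off-switch with a small model. This is an added example, not AlliedWare Plus code or part of the original How To Note; it assumes that classes are tried in the order they are listed in the policy-map, that a class with no ACL attached forwards the packet, and that traffic matching no class is forwarded as normal. The function names and sample packets are constructed for illustration.

```python
# Added illustration: a model of the matching semantics described above,
# not AlliedWare Plus code. Flag bit values are the standard TCP header bits.
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}


def mask(*flags):
    """OR the named flags into one bitmask."""
    m = 0
    for f in flags:
        m |= FLAG_BITS[f]
    return m


def class_matches(required, packet_flags):
    """True when every required flag is set; all other flags are ignored."""
    return (packet_flags & required) == required


def policy_action(policy, packet_flags):
    """Return (class name, action) of the first class that matches.

    Assumption: classes are tried in listed order, and a packet that
    matches no class is forwarded as normal.
    """
    for name, required, action in policy:
        if class_matches(required, packet_flags):
            return name, action
    return None, "permit"


# The 'flags' policy-map from the page: ack-syn-flags has no ACL attached
# (modelled here as permit); syn-flags carries access-list 3000 (deny).
FLAGS_POLICY = [
    ("ack-syn-flags", mask("ack", "syn"), "permit"),
    ("syn-flags", mask("syn"), "deny"),
]

# Constructed sample packets, described only by their TCP flags.
SAMPLES = {
    "SYN (new session)": mask("syn"),
    "SYN+ACK (reply)": mask("syn", "ack"),
    "ACK (established)": mask("ack"),
    "SYN+FIN": mask("syn", "fin"),
}

if __name__ == "__main__":
    for label, flags in SAMPLES.items():
        print(f"{label:20} -> {policy_action(FLAGS_POLICY, flags)}")
```

Under these assumptions, listing syn-flags before ack-syn-flags would deny SYN+ACK replies as well, because a class that requires only SYN also matches packets with additional flags set.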

Page 11 AlliedWare Plus™ OS How To Note


X900-12XT/S, x908 specifications

The Allied Telesis x908 and the SwitchBlade x900 series of network switches are cutting-edge solutions designed to address the demands of modern networking environments. These switches are known for their high performance, reliability, and robust feature sets, making them ideal for enterprise and service provider networks.

The Allied Telesis x908 series consists of modular and chassis-based systems that can accommodate a variety of network configurations. One of the main features of the x908 series is its ability to offer high scalability with support for a large number of ports. This makes it suitable for data centers and large enterprise networks where space and bandwidth optimization are critical.

In addition to scalability, the x908 series supports advanced Layer 2 and Layer 3 switching capabilities. This allows for efficient traffic management and routing, ensuring that data is delivered swiftly and reliably. The x908 also incorporates intelligent features such as Quality of Service (QoS), which prioritizes critical network traffic, ensuring that time-sensitive data—like voice and video—maintains its quality during transmission.

The SwitchBlade x900 series takes this functionality further with its innovative modular architecture. This allows organizations to configure their networks to meet specific needs by choosing from a variety of interface cards and service modules. The SwitchBlade x900 also supports advanced security features such as Access Control Lists (ACLs) and VLAN segmentation, which provide enhanced protection against unauthorized access and network threats.

Another hallmark of the x908 and SwitchBlade series is their support for high-speed Ethernet technologies, including 10G and 40G Ethernet. This enables organizations to keep pace with the increasing bandwidth demands of applications and services, particularly in cloud computing and data-intensive workloads.

Both the x908 and the SwitchBlade x900 series are designed with energy efficiency in mind, featuring power-saving technologies that reduce overall operational costs. Coupled with Allied Telesis' management tools, which provide detailed analytics and monitoring, network administrators can optimize performance and energy consumption simultaneously.

In summary, the Allied Telesis x908 and SwitchBlade x900 series offer a comprehensive suite of features, high performance, scalability, and advanced networking technologies. They represent a strategic investment for organizations looking to build resilient, efficient, and future-proof network infrastructures.