Allied Telesis X900-12XT/S, x908 manual

Creating hardware ACLs

TCP and UDP packets

You can filter TCP and UDP packets on the basis of:

- source IP address and/or destination IP address (using the same syntax as when filtering IP packets)

- source and/or destination TCP/UDP ports.

The command syntax is:

awplus(config)#access-list <3000-3699> <action> {tcp|udp}
    <source-ip-address>
    [{eq|gt|lt|ne|range} <source-port> [<source-port>]]
    <destination-ip-address>
    [{eq|gt|lt|ne|range} <dest-port> [<dest-port>]]

To determine which ports to filter, use the following keywords:

Keyword: no keyword
Selects: All ports
Example: For example, to match packets that use any TCP source or destination port:

    access-list 3000 permit tcp any any

Keyword: eq
Selects: A single port
Example: Specify a single port number. For example, to match packets from any IP address that use TCP source port 5100:

    access-list 3000 permit tcp any eq 5100 any

Note that the TCP port parameter is optional. In this example, the keyword any indicates that the ACL matches on any source and destination IP address. The absence of a port at the end of the command indicates that it matches on any destination port.

Keyword: gt
Selects: All ports higher than the specified port number
Example: Specify a single port number. For example, to match packets that use a source TCP port of 5100 or higher:

    access-list 3000 permit tcp any gt 5099 any

Keyword: lt
Selects: All ports lower than the specified port number
Example: Specify a single port number. For example, to match packets that use a source TCP port of 5100 or lower:

    access-list 3000 permit tcp any lt 5101 any

Keyword: ne
Selects: All ports except the specified port
Example: Specify a single port number. For example, to match packets that use any source TCP port except port 5100:

    access-list 3000 permit tcp any ne 5100 any

Keyword: range
Selects: A contiguous range of ports
Example: Specify the lowest and highest numbers in the range, separated by a space. For example, to match packets that use TCP source ports 5100 to 5200 inclusive:

    access-list 3000 permit tcp any range 5100 5200 any
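
The port keywords above are easy to get off by one (gt and lt exclude the number you type, range includes both ends). The following is an added example, not code from the Allied Telesis note: a small offline checker that parses an ACL line in the syntax shown here and reports whether a given packet would be selected. The function names parse_acl and matches are hypothetical, and only the any address form shown on this page is handled.

```python
OPS = {
    "eq": lambda p, lo, hi: p == lo,
    "gt": lambda p, lo, hi: p > lo,            # strictly higher: gt 5099 starts at 5100
    "lt": lambda p, lo, hi: p < lo,            # strictly lower: lt 5101 ends at 5100
    "ne": lambda p, lo, hi: p != lo,
    "range": lambda p, lo, hi: lo <= p <= hi,  # inclusive at both ends
}

def parse_acl(line):
    """Parse: access-list <3000-3699> <action> tcp|udp any [op port [port]] any [op port [port]]"""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or not tok[1].isdigit():
        raise ValueError("not an access-list command")
    if not 3000 <= int(tok[1]) <= 3699:
        raise ValueError("ACL number outside 3000-3699")
    if tok[3] not in ("tcp", "udp"):
        raise ValueError("protocol must be tcp or udp")
    acl = {"id": int(tok[1]), "action": tok[2], "proto": tok[3]}
    i = 4
    for side in ("src", "dst"):
        # Assumption: only the 'any' address form shown on this page is handled.
        if i >= len(tok) or tok[i] != "any":
            raise ValueError("only the 'any' address form is supported here")
        i += 1
        acl[side] = None                       # no keyword selects all ports
        if i < len(tok) and tok[i] in OPS:
            count = 2 if tok[i] == "range" else 1
            ports = [int(t) for t in tok[i + 1:i + 1 + count]]
            if len(ports) != count or not all(0 <= p <= 65535 for p in ports):
                raise ValueError("bad port operand for " + tok[i])
            if ports[0] > ports[-1]:
                raise ValueError("range bounds reversed")
            acl[side] = (tok[i], ports[0], ports[-1])
            i += 1 + count
    if i != len(tok):
        raise ValueError("unexpected trailing tokens")
    return acl

def matches(acl, proto, sport, dport):
    """True if a packet with these fields is selected by the parsed ACL."""
    if proto != acl["proto"]:
        return False
    for side, port in (("src", sport), ("dst", dport)):
        clause = acl[side]
        if clause and not OPS[clause[0]](port, clause[1], clause[2]):
            return False
    return True
```

Running each planned rule against the ports on either side of its boundary (5099, 5100, 5101 for the examples above) before applying it to a switch shows whether the rule selects the ports you intended.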

 

 

 

Page 5 AlliedWare Plus™ OS How To Note


X900-12XT/S, x908 specifications

The Allied Telesis x908 and the SwitchBlade x900 series of network switches are cutting-edge solutions designed to address the demands of modern networking environments. These switches are known for their high performance, reliability, and robust feature sets, making them ideal for enterprise and service provider networks.

The Allied Telesis x908 series consists of modular and chassis-based systems that can accommodate a variety of network configurations. One of the main features of the x908 series is its ability to offer high scalability with support for a large number of ports. This makes it suitable for data centers and large enterprise networks where space and bandwidth optimization are critical.

In addition to scalability, the x908 series supports advanced Layer 2 and Layer 3 switching capabilities. This allows for efficient traffic management and routing, ensuring that data is delivered swiftly and reliably. The x908 also incorporates intelligent features such as Quality of Service (QoS), which prioritizes critical network traffic, ensuring that time-sensitive data—like voice and video—maintains its quality during transmission.

The SwitchBlade x900 series takes this functionality further with its innovative modular architecture. This allows organizations to configure their networks to meet specific needs by choosing from a variety of interface cards and service modules. The SwitchBlade x900 also supports advanced security features such as Access Control Lists (ACLs) and VLAN segmentation, which provide enhanced protection against unauthorized access and network threats.

Another hallmark of the x908 and SwitchBlade series is their support for high-speed Ethernet technologies, including 10G and 40G Ethernet. This enables organizations to keep pace with the increasing bandwidth demands of applications and services, particularly in cloud computing and data-intensive workloads.

Both the x908 and the SwitchBlade x900 series are designed with energy efficiency in mind, featuring power-saving technologies that reduce overall operational costs. Coupled with Allied Telesis' management tools, which provide detailed analytics and monitoring, network administrators can optimize performance and energy consumption simultaneously.

In summary, the Allied Telesis x908 and SwitchBlade x900 series offer a comprehensive suite of features, high performance, scalability, and advanced networking technologies. They represent a strategic investment for organizations looking to build resilient, efficient, and future-proof network infrastructures.