Page 2 | AlliedWare Plus™ OS How To Note
Contents
Introduction ... 1
    Which products and software version does this Note apply to? ... 2
Creating hardware ACLs ... 3
    Creating IP hardware ACLs ... 3
    Creating MAC address hardware ACLs ... 6
The effects of the action keywords in ACLs ... 6
Making filters by applying hardware ACLs to ports ... 7
Making filters by using QoS class-maps ... 8
    Creating a class-map ... 9
    Specifying what the class-map will match on ... 9
        Matching on “inner” keywords for nested VLANs ... 10
        Matching on TCP flag ... 11
        Matching on eth-format and protocol ... 12
    Applying the class-maps to a policy-map ... 12
    Applying the policy-map to ports ... 12
The logic of the operation of the hardware filters ... 13
Combining interface ACLs and QoS class-maps ... 13
Examples ... 14
    Blocking all multicast traffic ... 14
    Blocking all multicast traffic except one address ... 15
    Mirroring HTTP and SMTP traffic ... 15
    Mirroring ARP packets ... 16
    Blocking TCP sessions in one direction ... 17
How many filters can you create? ... 18
    1. The filter rules table ... 18
    2. The profile (mask) ... 19
        Are there enough bytes for your set of filters? ... 20
        Some protocols also use filters, so use some of the length ... 21
Which products and software version does this Note apply to?
- Products: SwitchBlade x908, x900-12XT/S, and x900-24 series switches
- Software versions: 5.2.1-0.1 and above
Hardware filters are also available on Layer 3 switches running the AlliedWare OS. For
AlliedWare OS configurations, see the AlliedWare OS How To Notes:
- How To Use the Hardware Filters on the AT-8948 and AT-9900 Series Switches
- How To Configure Filtering Actions on QoS Flow Groups and Traffic Classes
These Notes are available from www.alliedtelesis.com/resources/literature/howto.aspx.