Specifications
8-58 Rapier Switch Software Reference
Software Release 2.7.3
C613-03098-00 REV A
(see “IGMP Snooping” on page 24-26 of Chapter 24, IP Multicasting). IGMP
snooping is enabled by default.
To add Layer 3 filter match criteria, use the add switch l3filter match
command on page 8-83.
To display hardware-based Layer 3 filtering match criteria configured on the
switch and their filter entries, use the show switch l3filter command on
page 8-220.
Filter match criteria can be changed only when no filter entries belong to them.
To change filter match criteria, first delete any entries associated with them,
then use the set switch l3filter match command on page 8-171.
To delete Layer 3 filter match criteria, first delete any entries belonging to them,
then use the delete switch l3filter command on page 8-101.
To configure a Layer 3 filter entry, first add the filter match criteria, then add a
filter entry.
Layer 3 Filter Entries
Filter matches specify the aspect of the packet that the filter checks. Filter
entries specify the value that aspect must have for the filter to act on the
traffic. To add a Layer 3 switch filter entry to the match criteria
described above, use the add switch l3filter entry command on page 8-80.
All criteria specified in the filter match should also be set in the filter entry.
Criteria not in the filter match are not valid in the filter entry. The l3filter
parameter specifies the number of the filter match to be modified. Filter match
numbers are in the output of the show switch l3filter command on page 8-220.
To change the parameters for a filter entry, use the set switch l3filter entry
command on page 8-168.
To delete a Layer 3 filter entry, use the delete switch l3filter entry command on
page 8-101.
Access Control Lists (ACLs)
On Rapier i Series switches, classifiers and hardware packet filters can be
configured to provide Access Control List functionality.
For example, to allow WWW servers in the 192.168.10.0 subnet to be accessed
only from the 192.168.20.0 subnet:
1. Create a classifier to match all WWW traffic to the subnet
Create a classifier to match all WWW traffic to the 192.168.10.0 subnet.
create classifier=1 ipdaddr=192.168.10.0/24 tcpdport=80
2. Create a hardware packet filter to deny this traffic
add switch hwfilter classifier=1 action=deny
3. Create a classifier to match the subset of this traffic that is to be allowed