Table of Contents
Advertisement
Introduction
6.3.3 Configuring Classifiers
6.3.3.1 Default Configuration
When the SBx3112 is first installed and in service, there are no user-defined classifiers configured.
6.3.3.2 Configuration Guidelines
For the XE4, filtering on the DHCP packets can occur if the filter has only layer 2 fields in the match rules. So,
for example, if the user creates a classifier to block all traffic on VID=1, then DHCP requests on VID 1 are
blocked. However, if rules are created to allow certain IP addresses through, and all other IP addresses are
blocked, the DHCP packets can still get through because those layer 3 filters are not applied. This is done so
that the customer can get a valid IP address via DHCP.
6.3.3.3 Configuration Procedure
The general sequence to configure classifiers is to:
Create the classifiers with a descriptive name and match rule.
•
Associate actions to the classifiers, using COUNT as well when appropriate.
•
Associate the classifiers to interfaces, including a PRECEDENCE, with the lower number receiving the
•
higher precedence.
The general sequence to deprovision a classifier is to:
DELETE the classifier from the associated interfaces.
•
DESTROY the classifier
•
In the following procedure, the user wishes to only allow traffic originated from a range of IP addresses, and to
drop any other packets.
TABLE 6-3
Step
Command
Create the classifiers and the allowed IP source (/ is for the mask)
CREATE CLASSIFIER=ipfilt1 IPSOURCE=192.168.1.0/24
1
CREATE CLASSIFIER=ipfilt2 IPSOURCE=10.0.0.0/24
CREATE CLASSIFIER=ipdrop IPSOURCE=ANY
Associate the classifiers with actions, with a COUNT for dropped packets
6-18
Software Reference for SwitchBlade x3100 Series Switches (Access and Security)
Configuration procedure for Classifiers
Configuring Classifiers
Description (Optional)
Advertisement
Chapters
Table of Contents
Troubleshooting
