Creating a PKI domain
Creating an RSA key pair
Destroying the RSA key pair
Requesting a local certificate
Retrieving and displaying a CRL
PKI configuration example
Configuration guidelines
Configuring authorized IP
Configuration procedure
Network requirements
Configuration procedure
Configuring port isolation
Overview
Configuring the isolation group
Configuring ACLs
Overview
ACL categories
Match order
Rule numbering
Configuration guidelines
Configuring a time range
Adding an IPv4 ACL
Adding an IPv6 ACL
Configuring QoS
Introduction to QoS
Networks without QoS guarantee
End-to-end QoS
Traffic classification
Packet precedences
Queue scheduling
Traffic shaping
Rate limit
Priority mapping
Adding a class
Configuring classification rules