Allied Telesis Layer 3 Switches Switch User Manual


 
Create A Secure Network With Allied Telesis Managed Layer 3 Switches 13
Managing the device securely
Building a whitelist through QoS
On AT-8948, AT-9900, AT-9900s, and x900 Series switches,
use classifiers to build a whitelist and QoS to apply it.
1. Create classifiers to match telnet traffic from permitted
IP addresses to the switch’s IP address.
2. Create a classifier to match all telnet traffic to the
switch’s IP address.
3. Create a flow group and add the classifiers for permitted
traffic to it.
4. Create a second flow group with a higher ID number and
add the classifier that matches all telnet traffic to it.
5. Create the rest of the QoS framework—traffic class and policy.
6. Apply the policy to all ports to stop telnet from all directions.
QoS is an incredibly versatile hardware-level packet filtering mechanism. For more
information about setting up QoS on these switches, see How To Configure QoS On AT-8948,
AT-9900, AT-9900s And x900 Series Switches. This How To Note is available from
www.alliedtelesis.com/resources/literature/howto.aspx.
Example
To permit only the host with IP address 172.30.1.144 to telnet to the switch 172.28.40.70:
create classifier=1 ipsa=172.30.1.144/32 ipda=172.28.40.70/32 tcpd=23
create classifier=2 ipda=172.28.40.70/32 tcpd=23
create qos flowgroup=1 action=forward
create qos flowgroup=2 action=discard
create qos trafficclass=1
create qos policy=1
add qos flowgroup=1 classifier=1
add qos flowgroup=2 classifier=2
add qos trafficclass=1 flowgroup=1
add qos trafficclass=1 flowgroup=2
add qos policy=1 trafficclass=1
set qos port=all policy=1
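The following is an added example, not part of the original How To Note and not Allied Telesis code. It generalises the six-step procedure above to any number of permitted management hosts: it generates the AlliedWare command lines (one classifier per permitted host in flow group 1, then the catch-all telnet classifier in flow group 2), and it models the resulting decision so the whitelist logic can be checked before the policy is applied. The decision model assumes what the steps imply, that flow groups are evaluated in ascending ID order and the first match wins; the switch IP, permitted host and packets are constructed sample values taken from or modelled on the page's example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values: the page's switch address and permitted host.
SWITCH_IP = "172.28.40.70"
PERMITTED = ["172.30.1.144"]
TELNET_PORT = 23


def build_whitelist_config(switch_ip, permitted_hosts, port=TELNET_PORT):
    """Return the command lines for a telnet whitelist built with classifiers and QoS.

    Permitted hosts get the lowest classifier IDs and go into flow group 1
    (forward); the catch-all telnet classifier gets the next ID and goes into
    flow group 2 (discard), which has the higher ID and is therefore checked
    after the permitted flow group.
    """
    switch = ipaddress.ip_address(switch_ip)  # raises ValueError on a bad address
    cmds = []
    permit_ids = []
    cid = 1
    for host in permitted_hosts:
        h = ipaddress.ip_address(host)
        cmds.append(f"create classifier={cid} ipsa={h}/32 ipda={switch}/32 tcpd={port}")
        permit_ids.append(cid)
        cid += 1
    catch_all = cid
    cmds.append(f"create classifier={catch_all} ipda={switch}/32 tcpd={port}")
    cmds += [
        "create qos flowgroup=1 action=forward",
        "create qos flowgroup=2 action=discard",
        "create qos trafficclass=1",
        "create qos policy=1",
    ]
    for pid in permit_ids:
        cmds.append(f"add qos flowgroup=1 classifier={pid}")
    cmds.append(f"add qos flowgroup=2 classifier={catch_all}")
    cmds += [
        "add qos trafficclass=1 flowgroup=1",
        "add qos trafficclass=1 flowgroup=2",
        "add qos policy=1 trafficclass=1",
        "set qos port=all policy=1",
    ]
    return cmds


@dataclass(frozen=True)
class Packet:
    """Minimal model of the fields the classifiers look at."""
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def classify(pkt, switch_ip, permitted_hosts, port=TELNET_PORT):
    """Model the whitelist decision for one packet.

    Assumption (from the page's "higher ID number" ordering): flow group 1 is
    checked before flow group 2, so a permitted source matches the forward
    action first; any other telnet packet to the switch falls through to the
    discard catch-all; traffic no classifier matches is left untouched.
    """
    if pkt.proto != "tcp" or pkt.dport != port or pkt.dst != switch_ip:
        return "unaffected"
    if pkt.src in permitted_hosts:
        return "forward"
    return "discard"


if __name__ == "__main__":
    for line in build_whitelist_config(SWITCH_IP, PERMITTED):
        print(line)
    for p in (Packet("172.30.1.144", SWITCH_IP, 23),
              Packet("10.0.0.5", SWITCH_IP, 23),
              Packet("10.0.0.5", SWITCH_IP, 80)):
        print(p, "->", classify(p, SWITCH_IP, PERMITTED))
```

With the page's single permitted host the generator reproduces the twelve commands listed above in the same order; adding a second host to `PERMITTED` yields a third classifier and the catch-all moves to classifier 3, which is the part of the procedure that is easiest to get wrong by hand.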
Products
AT-8948
x900-48 Series
AT-9900 Series
AT-9924Ts
x900-24 Series
Software Versions
2.7.3 and later
Configuration