Configuration Examples
Insight Managed 28-Port Gigabit Ethernet Smart Cloud Switch with 2 SFP 1G & 2 SFP+ 10G Fiber Ports
4. On the IP Rules page (see Configure Rules for a Basic IP ACL), create a second rule for IP ACL 1 with the following settings:
• Sequence Number. 2
• Action. Permit
• Match Every. True
5. Click the Add button.
6. On the IP Binding Configuration page (see Configure IP ACL Interface Bindings on page 337), assign ACL ID 1 to the interface Gigabit ports 2, 3, and 4, and assign a sequence number of 1.
By default, this IP ACL is bound on the inbound direction, so it examines traffic as it enters the switch.
7. Click the Apply button.
8. Use the IP Binding Table page to view the interfaces and IP ACL binding information. (See View or Delete IP ACL Bindings in the IP ACL Binding Table.)
The IP ACL in this example matches all packets with the source IP address and subnet mask of the Finance department’s network and denies them on the Ethernet interfaces 2, 3, and 4 of the switch. The second rule permits all non-Finance traffic on the ports. The second rule is required because an explicit deny all rule exists as the lowest priority rule.
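The following sketch is an added example, not code from the switch or from this manual. It models first-match evaluation of IP ACL 1 to show why rule 2 is needed. The Finance subnet is a constructed placeholder because this page does not give it, and the names Rule, ACL_1, BOUND_PORTS, and evaluate are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    seq: int                    # Sequence Number: lower values are checked first
    action: str                 # "permit" or "deny"
    match_every: bool = False   # Match Every = True matches any packet
    src: Optional[str] = None   # "address/mask" source match when match_every is False

    def matches(self, src_ip: str) -> bool:
        if self.match_every:
            return True
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)


# Constructed placeholder: the page does not state the Finance subnet.
FINANCE_NET = "192.0.2.0/255.255.255.0"
BOUND_PORTS = {2, 3, 4}         # ACL 1 is bound inbound on Gigabit ports 2, 3, and 4

ACL_1 = [
    Rule(seq=1, action="deny", src=FINANCE_NET),
    Rule(seq=2, action="permit", match_every=True),
]


def evaluate(acl, ingress_port, src_ip):
    """Return (action, matched sequence number) for a packet entering the switch."""
    if ingress_port not in BOUND_PORTS:
        return ("permit", None)             # ACL 1 is not applied on this port
    for rule in sorted(acl, key=lambda r: r.seq):
        if rule.matches(src_ip):
            return (rule.action, rule.seq)  # first matching rule decides
    return ("deny", None)                   # deny all at the lowest priority


if __name__ == "__main__":
    samples = [(2, "192.0.2.25"), (3, "198.51.100.7"), (5, "192.0.2.25")]
    for port, ip in samples:                # constructed sample packets
        print(port, ip, "both rules:", evaluate(ACL_1, port, ip),
              "rule 1 only:", evaluate(ACL_1[:1], port, ip))
```

With only rule 1 configured, non-Finance traffic on ports 2, 3, and 4 falls through to the final deny all, which is the failure the second rule prevents.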
Differentiated Services (DiffServ)
Standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network attempts to deliver the data in a timely fashion, although there is no guarantee that it does. During times of congestion, packets might be delayed, sent sporadically, or dropped. For typical Internet applications, such as email and file transfer, a slight degradation in service is acceptable and in many cases unnoticeable. However, any degradation of service can negatively affect applications with strict timing requirements, such as voice or multimedia.
Quality of Service (QoS) can provide consistent, predictable data delivery by distinguishing packets with strict timing requirements from those that are more tolerant of delay. Packets with strict timing requirements are given special treatment in a QoS-capable network. With this in mind, all elements of the network must be QoS capable. If one node cannot meet the necessary timing requirements, this creates a deficiency in the network path and the performance of the entire packet flow is compromised.
Two basic types of QoS are supported:
• Integrated Services. Network resources are apportioned based on request and are reserved (resource reservation) according to network management policy (RSVP, for example).
• Differentiated Services. Network resources are apportioned based on traffic classification and priority, giving preferential treatment to data with strict timing requirements.