Rule Precedence; Example: Rules With Compatible Actions - Alcatel OmniSwitch 6800 Series Network Configuration Manual

Configuring ACLs

Rule Precedence

All rules that match a flow will be applied to the flow, unless one of the following rule conflicts occur:
Actions specified by one or more rules are in conflict with each other.
•
Conditions specified in one or more contiguous rules are the same.
•
If any of the above items are true, then rule precedence is used to determine which rule to apply to the
flow. (This functionality is different from the OmniSwitch 7700/7800/8800, which will always apply the
rule with the highest precedence.)
See the next sections
With Conflicting Actions" on page
Precedence is particularly important for Access Control Lists (ACLs). For more details about precedence
and examples for using precedence, see
How Precedence is Determined
When there is a conflict between rules, precedence is determined using one of the following methods:
Precedence value—Each policy has a precedence value. The value may be user-configured through
•
the policy rule command in the range from 0 (lowest) to 65535 (highest). (The range 30000 to 65535
is typically reserved for PolicyView.) By default, a policy rule has a precedence of 0.
Configured rule order—If a flow matches more than one rule and both rules have the same prece-
•
dence value, the rule that was configured first in the list will take precedence.
Note. Minimum bandwidth rules have the highest precedence over all other rules in the system. They are
enforced internally and cannot be overridden by user-configured settings. In addition, specifying a mini-
mum bandwidth value implies a maximum bandwidth of the same value.

Example: Rules With Compatible Actions

More than one rule may have the same condition. For example, two rules may have the same IP address
condition but different actions. If the actions are compatible, both rules will be applied to the flow, regard-
less of the precedence settings. In this example, the rules are created with the default precedence (0) value.
-> policy condition X source ip 10.10.2.3
-> policy action Y priority 7
-> policy action Z maximum bandwidth 10m
-> policy rule Rule1 condition X action Y
-> policy rule Rule2 condition X action Z
In this example, when a flow comes into the switch and matches source IP address 10.10.2.3, the switch
will apply both policies (Rule1 and Rule2) to the flow. On the OmniSwitch 6800, a source IP address may
be combined with priority and maximum bandwidth actions at the same time, so both rules are used.
Note. See Chapter 21, "Configuring QoS,"
tions.
OmniSwitch 6800 Series Network Configuration Guide
("Example: Rules With Compatible Actions" on page 22-5
22-6) for more information about precedence and Layer 3 flows.
Chapter 22, "Configuring ACLs."
for more information about valid condition/action combina-
November 2004
ACL Overview
and "Example: Rules
page 22-5