Example: Rules With Conflicting Actions; Interaction With Other Features; Valid Combinations - Alcatel OmniSwitch 6800 Series Network Configuration Manual


ACL Overview

Example: Rules With Conflicting Actions

If the actions are in conflict, however, the switch will apply only the rule with the highest precedence. For
example:
-> policy condition X source ip 10.10.2.3
-> policy action W priority 5
-> policy action Z minimum bandwidth 10m
-> policy rule Rule1 condition X action W
-> policy rule Rule2 condition X action Z
In this case, a source IP address condition may be combined with a priority action or a minimum bandwidth action but not both at the same time (see "Action Combinations" on page 21-7 in Chapter 21, "Configuring QoS," for more information about condition/action combinations). Since these actions are in conflict, the rule with the highest precedence will be applied instead. In this case, both rules have the same precedence value (the default, since no precedence is specifically configured). The rule that was configured first (Rule1) is considered to have the highest precedence and will be used for the flow.
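
The tie-break described above can be checked offline against a saved configuration. The following Python is an added example, not part of the Alcatel manual: it parses policy lines like those shown and reports, per condition, which rule wins and which conflicting rule is ignored. Assumptions: only the priority / minimum bandwidth conflict named on this page is modelled, an unset precedence is treated as 0, a higher value wins, and an optional "precedence N" keyword sits before "condition".

```python
import re
from collections import defaultdict

# Constructed sample input: the five CLI lines from the example above.
SAMPLE = """\
-> policy condition X source ip 10.10.2.3
-> policy action W priority 5
-> policy action Z minimum bandwidth 10m
-> policy rule Rule1 condition X action W
-> policy rule Rule2 condition X action Z
"""

# Assumption: only the conflict named on this page is modelled.
CONFLICTS = {frozenset({"priority", "minimum bandwidth"})}
ACTION_KINDS = ("minimum bandwidth", "priority")
RULE_RE = re.compile(r"policy rule (\S+)(?: precedence (\d+))? condition (\S+) action (\S+)")

def parse(text):
    """Return ({action name: action kind}, [rules in configuration order])."""
    actions, rules = {}, []
    for raw in text.splitlines():
        line = re.sub(r"^\s*->\s*", "", raw).strip()  # drop the CLI prompt
        if m := re.match(r"policy action (\S+) (.+)", line):
            actions[m[1]] = next((k for k in ACTION_KINDS if m[2].startswith(k)), m[2])
        elif m := RULE_RE.match(line):
            rules.append(dict(name=m[1], prec=int(m[2] or 0), cond=m[3],
                              action=m[4], order=len(rules)))
    return actions, rules

def shadowed_rules(text):
    """Return (winner, ignored) rule-name pairs for rules whose actions conflict."""
    actions, rules = parse(text)
    by_cond = defaultdict(list)
    for r in rules:
        by_cond[r["cond"]].append(r)
    findings = []
    for group in by_cond.values():
        # Highest precedence first; equal precedence falls back to configuration order.
        ranked = sorted(group, key=lambda r: (-r["prec"], r["order"]))
        winner = ranked[0]
        for loser in ranked[1:]:
            kinds = frozenset({actions.get(winner["action"]), actions.get(loser["action"])})
            if kinds in CONFLICTS:
                findings.append((winner["name"], loser["name"]))
    return findings

if __name__ == "__main__":
    for winner, loser in shadowed_rules(SAMPLE):
        print(f"{loser} is ignored: its action conflicts with {winner}, which takes precedence")
```

Running it over a configuration before deployment surfaces rules that are present in the policy but will never take effect for the flow.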

Interaction With Other Features

Routing Protocols—Layer 3 filtering is compatible with routing protocols on the switch, including RIP and OSPF. If VRRP is also running, all VRRP routers on the LAN must be configured with the same filtering rules; otherwise, the security of the network will be compromised. For more information about VRRP, see Chapter 16, "Configuring VRRP."

Bridging—Layer 2 and Layer 3 ACLs are supported for bridged and routed traffic. For information about configuring the switch to classify Layer 3 information in bridged frames, see "Classifying Bridged Traffic as Layer 3" on page 21-16 in Chapter 21, "Configuring QoS."

Valid Combinations

There are limitations to the types of conditions that may be combined in a single rule. A brief overview of these limitations is listed here:

Layer 2 and Layer 4 conditions cannot be combined, unless the Layer 2 condition is for 802.1p. This is the only Layer 2 condition that is allowed in combination with Layer 4 conditions.

Source and destination parameters can be combined in Layer 2, Layer 3, and Layer 4 conditions.

Individual items and their corresponding groups cannot be combined in the same condition. For example, a source IP address cannot be included in a condition with a source IP network group.

For more information about supported combinations, see "Condition Combinations" on page 21-6 in Chapter 21, "Configuring QoS."

OmniSwitch 6800 Series Network Configuration Guide, November 2004, "Configuring ACLs," page 22-6
