Binding Device Security Acls - Alcatel OS-LS-6224 User Manual

3
Configuring the Switch
• The switch does not support the explicit "deny any" rule for the egress IP ACL or
the egress MAC ACLs. If these rules are included in ACL, and you attempt to bind
the ACL to an interface for egress checking, the bind operation will fail.
The order in which active ACLs are checked is as follows:
• User-defined rules in the Egress MAC ACL for egress ports.
• User-defined rules in the Egress IP ACL for egress ports.
• User-defined rules in the Ingress MAC ACL for ingress ports.
• User-defined rules in the Ingress IP ACL for ingress ports.
• Explicit default rule (permit any any) in the ingress IP ACL for ingress ports.
• Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports.
• If no explicit rule is matched, the implicit default is permit all.

Binding Device Security ACLs

When an ACL is bound to an interface, all the ACE rules that have been defined are
applied to the selected interface. Whenever an ACL is assigned on a port or trunk
from that ingress interface that do not match the ACL are matched to the default
rule, which is Drop unmatched packets. The ACL Binding Page binds ACLs to
interfaces.
Command Attributes
• Unit No. — Indicates the stacking member for which the interface configuration
information is displayed.
• Copy from Entry Number — Copies the ACL information from the defined
interface.
• To Entry Number(s) — Copies the ACL information to the defined interface.
• Interface — Indicates the interface to which the ACL is bound.
• ACL Name — Indicates the ACL which is bound the interface.
• Remove — Unbinds the selected ACL from the interface. The possible field values
are:
• Checked — Unbinds the ACL and interface.
• Unchecked — Maintains the ACL and interface binding.
Web – Click Security, Access Control, ACL Binding, define the fields, and click
Apply.
166