Configuring policy
Access control lists
You can use access control lists to control which packets are authorized to pass through an
interface. When a packet matches a rule on the access control list, the rule specifies whether
the G250/G350:
● Accepts the packet or drops the packet
● Sends an ICMP error reply if it drops the packet
● Sends an SNMP trap if it drops the packet
Access lists have the following parts:
● Global rules — a set of rules that are executed before the list is evaluated
● Rule list — a list of filtering rules and actions for the G250/G350 to take when a packet
matches the rule. Match actions on this list are pointers to the composite operation table.
● Actions (composite operation table) — a table that describes actions to be performed
when a packet matches a rule. The table includes pre-defined actions such as permit and
deny. You can configure more complex rules. See Composite operations on page 457.
Network security using access control lists
The primary use of access control lists is to act as a component of network security. You can
use access control lists to determine which applications, networks, and users can access hosts
on your network. Also, you can restrict internal users from accessing specific sites or
applications outside the network. Access control lists can be based on permitting or denying
specific values or groups of IP addresses, protocols, ports, IP fragments, or DSCP values.
Figure 46: Network Security using access control lists on page 443 illustrates how access
control lists are used to control traffic into and out of your network.
442 Administration for the Avaya G250 and Avaya G350 Media Gateways
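The access list structure described above (global rules, a rule list, and match actions that point into the composite operation table), as an added Python model that is not Avaya code or G250/G350 CLI syntax. First-match ordering, the caller-supplied default operation, the `deny-icmp-trap` entry and the sample addresses are assumptions made for this illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Operation:  # one row of the composite operation table
    accept: bool
    icmp_error: bool = False  # only applies when the packet is dropped
    snmp_trap: bool = False   # only applies when the packet is dropped

# "permit" and "deny" are the pre-defined actions named above;
# "deny-icmp-trap" is a hypothetical composite entry for this example.
OPERATIONS = {
    "permit": Operation(accept=True),
    "deny": Operation(accept=False),
    "deny-icmp-trap": Operation(accept=False, icmp_error=True, snmp_trap=True),
}

@dataclass(frozen=True)
class Rule:
    operation: str                  # pointer into OPERATIONS, not an inline action
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    protocol: Optional[str] = None  # None matches any value
    dst_port: Optional[int] = None
    dscp: Optional[int] = None
    fragment: Optional[bool] = None
    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.protocol in (None, pkt.get("protocol"))
                and self.dst_port in (None, pkt.get("dst_port"))
                and self.dscp in (None, pkt.get("dscp"))
                and self.fragment in (None, pkt.get("fragment", False)))

def evaluate(pkt, global_rules, rule_list, default):
    """Global rules first, then the rule list in order (first match assumed)."""
    for stage, rules in (("global", global_rules), ("list", rule_list)):
        for index, rule in enumerate(rules):
            if rule.matches(pkt):
                return stage, index, OPERATIONS[rule.operation]
    return "default", None, OPERATIONS[default]

# Constructed sample policy protecting a server at 192.0.2.10.
GLOBAL_RULES = [Rule("deny", fragment=True)]
RULE_LIST = [
    Rule("permit", src="10.0.0.0/8", dst="192.0.2.10/32", protocol="tcp", dst_port=443),
    Rule("deny-icmp-trap", dst="192.0.2.10/32"),
]
```

Because rules hold only the name of an operation, changing what `deny-icmp-trap` does in the table changes the behaviour of every rule that points to it.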