Configuring policy
Defining global rules
In an access control list, you can define global rules for packets that contain IP fragments and IP
options. These rules apply to all packets. This is in contrast to individual rules, which apply to
packets that match certain defined criteria. See
The G250/G350 applies global rules before applying individual rules.
To define a global rule:
1. Enter the context of the access control list in which you want to define the rule.
2. Enter one of the following commands, followed by the name of a composite command:
- ip-fragments-in — applies to incoming packets that contain IP fragments
- ip-fragments-out — applies to outgoing packets that contain IP fragments
- ip-options-in — applies to incoming packets that contain IP options
- ip-options-out — applies to outgoing packets that contain IP options
The composite command can be any command defined in the composite operation list. These
commands are case-sensitive. To view the composite operation list for the access control list
you are working with, type the command show composite-operation in the context of the
access control list.
The following example defines a rule in Access Control List 301 that denies access to all
incoming packets that contain IP fragments:
G350-001(super)# ip access-control-list 301
G350-001(super/ACL 301)# ip-fragments-in Deny
Done!
Defining rules
This section provides information on how to configure rules in a policy list and contains the
following topics:
Overview of rule criteria
●
rules
Editing and creating rules
●
Rule criteria
●
450 Administration for the Avaya G250 and Avaya G350 Media Gateways
— an overview of the criteria that can be used in configuring policy
— instructions on how to edit or create a policy rule
— instructions on how to configure a policy rule's criteria
Defining rules
on page 450.