Acl Overview - Alcatel-Lucent OmniSwitch 6800 Series Network Configuration Manual

Hide thumbs Also See for OmniSwitch 6800 Series:

Table of Contents

Configuring ACLs

ACL Overview

ACLs provide moderate security between networks. The following illustration shows how ACLs may be

used to filter subnetwork traffic through a private network, functioning like an internal firewall for LANs.

When traffic arrives on the switch, the switch checks its policy database to attempt to match Layer 2 or

Layer 3/4 information in the protocol header to a filtering policy rule. If a match is found, it applies the

relevant disposition to the flow. Disposition determines whether a flow is allowed or denied. There is a

global disposition (the default is accept), and individual rules may be set up with their own dispositions.

Note. In some network situations, it is recommended that the global disposition be set to deny, and that

rules be created to allow certain types of traffic through the switch. To set the global disposition to deny,

qos default bridged disposition

Global Disposition" on page 31-7

When multiple policy rules exist for a particular flow, each policy is applied to the flow as long as there

are no conflicts between the policies. If there is a conflict, then the policy with the highest precedence is

applied to the flow. See

Note. QoS policy rules may also be used for traffic prioritization and other network scenarios. For a

general discussion of QoS policy rules, see

OmniSwitch 6800/6850/9000 Network Configuration Guide

Filtering Rules

Basic ACL Application

qos default routed disposition

for more information about these commands.

"Rule Precedence" on page 31-6

Chapter 30, "Configuring QoS."

commands. See

for more information about precedence.

ACL Overview

"Setting the