Creating Policy Actions For Acls - Alcatel-Lucent OmniSwitch 6800 Series Network Configuration Manual

Configuring ACLs
The following table lists the keywords for the policy condition command that are typically used for the
different types of ACLs:
Layer 2 ACL Condition
Keywords
source mac
source mac group
destination mac
destination mac group
source vlan
source port
source port group
destination port
destination port group
ethertype
802.1p
Note that the individual address, service, or port cannot be used in conjunction with the same type of
condition group. For example, you cannot specify in the same rule both a source MAC address and a
source MAC group.

Creating Policy Actions For ACLs

A policy action for IP filtering specifies a disposition, that is, whether the flow is accepted or denied on the
switch. To create a policy action, use the policy action command. Use the disposition keyword to define
whether the flow is accepted (accept) or denied (deny). For example:
-> policy action a1 disposition accept
If you do not specify a disposition for the policy action, the default (accept) will be used.
page 31-10
Layer 3/4 ACL Condition
Keywords
source ip
source ipv6
source network group
destination ip
destination ipv6
destination network group
source ip port
destination ip port
service
service group
ip protocol
ipv6
nh
flow-label
destination port
destination port group
icmptype
icmpcode
tos
dscp
source tcp port
destination tcp port
source udp port
destination udp port
established
tcpflags
OmniSwitch 6800/6850/9000 Network Configuration Guide
Configuring ACLs
Multicast ACL Condition
Keywords
multicast ip
multicast network group
destination ip
destination vlan
destination port
destination port group
destination mac
destination mac group
March 2008