Chapter 20: Configuring policy
Policy lists allow you to control the ingress and egress of traffic to a router or port. You can use
policies to manage security, determine packet priority through an interface, implement quality of
service, or determine routing for a specific application or user. Each policy list consists of a set
of rules determining the behavior of a packet entering or leaving the interface on which the list is
applied.
The G250/G350 supports several kinds of policy list, including access control lists, QoS lists,
and policy-based routing. See also Managing policy lists.
Access control lists
Access lists have the following parts:
● Global rules — a set of rules that are executed before the list is evaluated
● Rule list — a list of filtering rules and actions for the G250/G350 to take when a packet
matches the rule. Match actions on this list are pointers to the composite operation table.
● Actions (composite operation table) — a table that describes actions to be performed
when a packet matches a rule. The table includes pre-defined actions such as permit and
deny. You can configure more complex rules. See Composite operations on page 545.
Access control list rule specifications
You can use access control lists to control which packets are authorized to pass through an
interface. When a packet matches a rule on the access control list, the rule specifies whether
the G250/G350:
● Accepts the packet or drops the packet
● Sends an ICMP error reply if it drops the packet
● Sends an SNMP trap if it drops the packet
Issue 3 February 2007
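The relationship between the rule list and the composite operation table described above, modeled as an added example (this is not Avaya code and not G250/G350 CLI syntax). The rule fields, first-match ordering, default deny, the `deny-icmp-trap` entry, and treating global rules as ordinary rules checked first are assumptions; all addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class CompositeOp:
    """One row of the composite operation table."""
    name: str
    forward: bool             # accept (True) or drop (False) the packet
    icmp_error: bool = False  # send an ICMP error reply when dropping
    snmp_trap: bool = False   # send an SNMP trap when dropping

# Constructed table; only "permit" and "deny" are named on the page.
OPS = {
    0: CompositeOp("permit", forward=True),
    1: CompositeOp("deny", forward=False),
    2: CompositeOp("deny-icmp-trap", False, icmp_error=True, snmp_trap=True),  # hypothetical
}

@dataclass(frozen=True)
class Rule:
    src: str                  # source network in CIDR form
    dst_port: Optional[int]   # None matches any destination port
    op: int                   # pointer into OPS, not the action itself

    def matches(self, pkt):
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and self.dst_port in (None, pkt["dst_port"]))

def evaluate(pkt, global_rules, rule_list, default_op=1):
    """Global rules run before the rule list; first match wins (assumed)."""
    for rule in (*global_rules, *rule_list):
        if rule.matches(pkt):
            return OPS[rule.op]
    return OPS[default_op]    # assumed default when nothing matches

# Constructed sample policy.
GLOBAL_RULES = [Rule("192.0.2.66/32", None, 2)]
RULE_LIST = [Rule("192.0.2.0/24", 22, 0), Rule("0.0.0.0/0", 23, 2)]

if __name__ == "__main__":
    for pkt in ({"src": "192.0.2.10", "dst_port": 22},
                {"src": "192.0.2.66", "dst_port": 22},
                {"src": "198.51.100.7", "dst_port": 23}):
        print(pkt, "->", evaluate(pkt, GLOBAL_RULES, RULE_LIST))
```

Because rules hold only a pointer, editing one row of `OPS` changes the behavior of every rule that references it.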