Access Control Lists (ACLs) are Quality of Service (QoS) policies used to control whether or not packets
are allowed or denied at the switch or router interface. ACLs are sometimes referred to as filtering lists.
ACLs are distinguished by the kind of traffic they filter. In a QoS policy rule, the type of traffic is speci-
fied in the policy condition. The policy action determines whether the traffic is allowed or denied. For
detailed descriptions about configuring policy rules, see
In general, the types of ACLs include:
Layer 2 ACLs—for filtering traffic at the MAC layer. Usually uses MAC addresses or MAC groups for
•
filtering.
Layer 3/4 ACLs—for filtering traffic at the network layer. Typically uses IP addresses or IP ports for
•
filtering; note that IPX filtering is not supported.
Multicast ACLs—for filtering IGMP traffic.
•
In This Chapter
This chapter describes ACLs and how to configure them through the Command Line Interface (CLI). CLI
commands are used in the configuration examples; for more details about the syntax of commands, see the
OmniSwitch CLI Reference Guide.
Configuration procedures described in this chapter include:
Setting the Global Disposition. The disposition specifies the general allow/deny policy on the switch.
•
See
"Setting the Global Disposition" on page
Creating Condition Groups for ACLs. Groups are used for filtering on multiple addresses, ports, or
•
services. The group is then associated with the policy condition. See
ACLs" on page
25-10.
Creating Policy Rules for ACLs. Policy rules for ACLs are basically QoS policy rules. Specific
•
parameters for ACLs are described in this chapter. See
Using ACL Security Features. Specific port group, action, service group, and policy rule combina-
•
tions are provided to help improve network security. See
page
25-17.
OmniSwitch 6600 Family Network Configuration Guide
25 Configuring ACLs
25-8.
Chapter 24, "Configuring QoS."
"Creating Condition Groups For
"Configuring ACLs" on page
"Using ACL Security Features" on
April 2006
25-10.
page 25-1