Acl Overview - Alcatel OmniSwitch 6624 Network Configuration Manual

ACL Overview
ACLs provide moderate security between networks. The following illustration shows how ACLs may be
used to filter subnetwork traffic through a private network, functioning like an internal firewall for LANs.

[Figure: Basic ACL Application. Labels: Subnetwork, OmniSwitch, OmniSwitch 6648, Private Network, Filtering Rules (ACLs), router, Public Network.]

When traffic arrives on the switch, the switch checks its policy database to attempt to match Layer 2 or
Layer 3/4 information in the protocol header to a filtering policy rule. If a match is found, it applies the
relevant disposition to the flow. Disposition determines whether a flow is allowed or denied. There is a
global disposition (the default is accept), and individual rules may be set up with their own dispositions.

Note. In some network situations, it is recommended that the global disposition be set to deny, and that
rules be created to allow certain types of traffic through the switch. To set the global disposition to deny,
use the qos default bridged disposition and qos default routed disposition commands. See "Setting the
Global Disposition" on page 22-8 for more information about these commands.

When multiple policy rules exist for a particular flow, the rule with the highest precedence is applied to the
traffic. See "Rule Precedence" on page 22-5 for more information about precedence.

Note. QoS policy rules may also be used for traffic prioritization and other network scenarios. For a
general discussion of QoS policy rules, see Chapter 21, "Configuring QoS."

Configuring ACLs, page 22-4, OmniSwitch 6624/6648 Network Configuration Guide, April 2004
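
The lookup described above (match a flow against the policy rules, apply the highest-precedence match, otherwise fall back to the global disposition) can be modeled in a few lines. This is an added example, not code from the manual or from the switch software. The rule fields, the numeric precedence in which a larger number wins, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    routed: bool                    # True: flow is routed; False: flow is bridged
    src_ip: str
    dst_port: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    name: str
    precedence: int                 # assumption: larger number = higher precedence
    disposition: str                # "accept" or "deny"
    src_net: Optional[str] = None   # Layer 3 match; None matches any source
    dst_port: Optional[int] = None  # Layer 4 match; None matches any port

def matches(rule: Rule, flow: Flow) -> bool:
    """True when every field the rule specifies agrees with the flow."""
    if rule.src_net is not None:
        net = ipaddress.ip_network(rule.src_net)
        if ipaddress.ip_address(flow.src_ip) not in net:
            return False
    if rule.dst_port is not None and rule.dst_port != flow.dst_port:
        return False
    return True

def evaluate(flow, rules, default_bridged="accept", default_routed="accept"):
    """Return (disposition, deciding rule name) for one flow."""
    hits = [r for r in rules if matches(r, flow)]
    if hits:
        best = max(hits, key=lambda r: r.precedence)  # highest precedence wins
        return best.disposition, best.name
    # No rule matched: the global disposition for this traffic type decides.
    default = default_routed if flow.routed else default_bridged
    return default, "global default"

# Constructed sample policy: one subnet may reach port 80 and nothing else.
RULES = [
    Rule("block-subnet", 100, "deny", src_net="10.1.0.0/16"),
    Rule("allow-web", 200, "accept", src_net="10.1.0.0/16", dst_port=80),
]

if __name__ == "__main__":
    for flow in (Flow(True, "10.1.2.3", 80), Flow(True, "10.1.2.3", 23),
                 Flow(True, "10.9.9.9", 23), Flow(False, "10.9.9.9", 23)):
        print(flow, "->", evaluate(flow, RULES, default_routed="deny"))
```

With only the routed default set to deny, the unmatched bridged flow in the last line is still accepted, which is why the Note names both the bridged and the routed command.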
