Configuring ACLs
ACL Overview
OmniSwitch 6624/6648 Network Configuration Guide, April 2004, page 22-7

Interaction With Other Features

• IP Routing—IP routing must be enabled on the switch for Layer 3 ACLs. See Chapter 12, "Configuring IP," for more information about setting up routing.
• Routing Protocols—Layer 3 filtering is compatible with routing protocols on the switch, including RIP and OSPF. If VRRP is also running, all VRRP routers on the LAN must be configured with the same filtering rules; otherwise, the security of the network will be compromised. For more information about VRRP, see Chapter 16, "Configuring VRRP."
• Bridging—Layer 2 ACLs are supported for bridged traffic. Layer 3 ACLs are typically only performed on routed traffic, but the switch may be set to classify Layer 3 information in bridged frames. For information about configuring the switch to classify Layer 3 information in bridged frames, see "Classifying Bridged Traffic as Layer 3" on page 21-18.

Valid Combinations

There are limitations to the types of conditions that may be combined in a single rule. A brief overview of these limitations is listed here:

• Layer 2 and Layer 3/4 conditions should not be combined.
• Source and destination parameters cannot be combined in Layer 2 conditions; source and destination parameters may be combined in Layer 3/4 conditions.
• Type of Service (ToS) and Differentiated Services Code Point (DSCP) values cannot be combined in a single condition.
• Individual items and their corresponding groups cannot be combined in the same condition. For example, a source IP address cannot be included in a condition with a source IP network group.

For more information about supported combinations, see "Condition Combinations" on page 21-6 and "Condition/Action Combinations" on page 21-7 in Chapter 21, "Configuring QoS."
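The four combination limits listed above can be checked before a rule set is pushed to a switch. The following is an added example, not part of the guide or of the switch software; the field names are hypothetical labels chosen for the sketch, not CLI keywords.

```python
# Added example: lint ACL conditions against the four combination limits.
# Field names are hypothetical labels for this sketch, not switch CLI keywords.

# field -> (layer, direction, item, is_group)
FIELDS = {
    "source_mac":                ("L2",   "src", "mac",  False),
    "destination_mac":           ("L2",   "dst", "mac",  False),
    "source_ip":                 ("L3/4", "src", "ip",   False),
    "source_network_group":      ("L3/4", "src", "ip",   True),
    "destination_ip":            ("L3/4", "dst", "ip",   False),
    "destination_network_group": ("L3/4", "dst", "ip",   True),
    "tos":                       ("L3/4", "any", "tos",  False),
    "dscp":                      ("L3/4", "any", "dscp", False),
}


def check_condition(fields):
    """Return a list of combination problems for one condition (empty if OK)."""
    unknown = sorted(set(fields) - set(FIELDS))
    if unknown:
        raise ValueError(f"unknown field(s): {', '.join(unknown)}")
    attrs = [FIELDS[f] for f in set(fields)]
    problems = []

    # Limit 1: Layer 2 and Layer 3/4 conditions should not be combined.
    if len({layer for layer, *_ in attrs}) > 1:
        problems.append("mixes Layer 2 and Layer 3/4 conditions")

    # Limit 2: no source + destination inside Layer 2 (allowed in Layer 3/4).
    l2_dirs = {direction for layer, direction, *_ in attrs if layer == "L2"}
    if {"src", "dst"} <= l2_dirs:
        problems.append("combines source and destination in Layer 2")

    # Limit 3: ToS and DSCP cannot share a condition.
    if {"tos", "dscp"} <= set(fields):
        problems.append("combines ToS and DSCP")

    # Limit 4: an individual item and its group (same direction) cannot mix.
    kinds = {}
    for _, direction, item, is_group in attrs:
        kinds.setdefault((direction, item), set()).add(is_group)
    for (direction, item), seen in sorted(kinds.items()):
        if seen == {True, False}:
            problems.append(f"combines {direction} {item} with its group")
    return problems


if __name__ == "__main__":
    # Constructed sample conditions, not taken from a real switch configuration.
    for cond in (["source_ip", "destination_ip", "dscp"],
                 ["source_ip", "source_network_group", "tos", "dscp"]):
        print(cond, "->", check_condition(cond) or "OK")
```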