Layer 3 Acl: Example 2; Multicast Filtering Acls - Alcatel OmniSwitch 6624 Network Configuration Manual

Configuring ACLs

Layer 3 ACL: Example 2

This example uses condition groups to combine multiple IP addresses in a single condition. The default
disposition is set to deny.
-> qos default routed disposition deny
-> policy network group GroupA 192.60.22.1 192.60.22.2 192.60.22.0
-> policy condition cond7 destination network group GroupA
-> policy action Ok disposition accept
-> policy rule FilterL32 condition cond7 action Ok
In this example, a network group, GroupA, is configured with three IP addresses. Condition cond7
includes GroupA as a destination group. Flows coming into the switch destined for any of the specified IP
addresses in the group will match rule FilterL32. FilterL32 is configured with an action (Ok) to allow the
traffic on the switch.

Multicast Filtering ACLs

Multicast filtering may be set up to filter clients requesting group membership via the Internet Group
Management Protocol (IGMP). IGMP is used to track multicast group membership. The IP Multicast
Switching (IPMS) function in the switch optimizes the delivery of IP multicast traffic by sending packets
only to those stations that request it. Potential multicast group members may be filtered out so that IPMS
does not send multicast packets to those stations.
For more information about IPMS, see
Multicast traffic has its own global disposition. By default, the global disposition is accept. To change the
default, use the qos default multicast disposition command.
For multicast filtering, the swich classifies traffic based on the multicast IP address or multicast network
group and any destination parameters. Note that the destination parameters are used for the client from
which the switch will receive the IGMP request.
The multicast ip or multicast network group keyword is required in the condition configured for a
multicast ACL.
The following keywords may be used in the condition to indicate the client parameters:
Multicast ACL Keywords
destination ip
destination vlan
destination port
destination port group
destination mac
destination mac group
destination interface type
If a destination group is specified, the corresponding single value keyword cannot be combined in the
same condition. For example, if a destination port is specified, a destination port group cannot be speci-
fied in the same condition.
OmniSwitch 6624/6648 Network Configuration Guide
Chapter 23, "Configuring IP Multicast Switching."
April 2004
Configuring ACLs
page 22-15