Configuring ACLs Quick Steps for Creating ACLs
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 25-3
Quick Steps for Creating ACLs
1 Set the global disposition for bridged or routed traffic. By default, all flows that do match any policies
are allowed on the switch. Typically, you may want to deny traffic for all Layer 3 flows that come into the
switch and do not match a policy, but allow any Layer 2 (bridged) flows that do not match policies. For
example:
-> qos default routed disposition deny
2 Create policy condition groups for multiple addresses or services that you want to filter. (If you have a
single address to filter, you can skip this step and simply include the address, service, or port in the policy
condition.) An example:
-> policy network group NetGroup1 192.68.82.0 mask 255.255.255.0 192.60.83.0
mask 255.255.255.0
3 Create a policy condition using the policy condition command. If you created a network group, MAC
group, service group, or port group, specify the group as part of the condition.
-> policy condition Lab3 source network group NetGroup1
Note. (Optional) Test the condition with the show policy classify command using information from the
policy condition. For example:
-> show policy classify l3 source ip 192.68.82.0
This command displays information about whether the indicated parameter may be used to classify traffic
based on policies that are configured on the switch. For more information about testing conditions, see
“Testing Conditions” on page 24-32 in Chapter 24, “Configuring QoS.”
4 Create a policy action with the policy action command. Use the keyword disposition and indicate
whether the flow(s) should be accepted or denied.
-> policy action Yes disposition accept
5 Create a policy rule with the policy rule command and include the relevant condition and action. Use
the keyword precedence to specify the priority of this rule over other rules for traffic matching the speci-
fied condition.
-> policy rule lab_rule1 condition Lab3 action Yes precedence 65535
6 For Layer 3 filtering, make sure that IP router ports are available on the VLANs on which you will be
routing. Use the vlan router ip command. For example:
-> vlan 2 router ip 192.68.82.1
7 Apply the policy configuration using the qos apply command. For details about using this command,
see “Applying the Configuration” on page 24-46 in Chapter 24, “Configuring QoS.”