Alcatel-Lucent 6600 Switch User Manual

Open as PDF

of 654

Configuring ACLs Quick Steps for Creating ACLs

OmniSwitch 6600 Family Network Configuration Guide April 2006 page 25-3

Quick Steps for Creating ACLs

1 Set the global disposition for bridged or routed traffic. By default, all flows that do match any policies

are allowed on the switch. Typically, you may want to deny traffic for all Layer 3 flows that come into the

switch and do not match a policy, but allow any Layer 2 (bridged) flows that do not match policies. For

example:

-> qos default routed disposition deny

2 Create policy condition groups for multiple addresses or services that you want to filter. (If you have a

single address to filter, you can skip this step and simply include the address, service, or port in the policy

condition.) An example:

-> policy network group NetGroup1 192.68.82.0 mask 255.255.255.0 192.60.83.0

mask 255.255.255.0

3 Create a policy condition using the policy condition command. If you created a network group, MAC

group, service group, or port group, specify the group as part of the condition.

-> policy condition Lab3 source network group NetGroup1

Note. (Optional) Test the condition with the show policy classify command using information from the

policy condition. For example:

-> show policy classify l3 source ip 192.68.82.0

This command displays information about whether the indicated parameter may be used to classify traffic

based on policies that are configured on the switch. For more information about testing conditions, see

“Testing Conditions” on page 24-32 in Chapter 24, “Configuring QoS.”

4 Create a policy action with the policy action command. Use the keyword disposition and indicate

whether the flow(s) should be accepted or denied.

-> policy action Yes disposition accept

5 Create a policy rule with the policy rule command and include the relevant condition and action. Use

the keyword precedence to specify the priority of this rule over other rules for traffic matching the speci-

fied condition.

-> policy rule lab_rule1 condition Lab3 action Yes precedence 65535

6 For Layer 3 filtering, make sure that IP router ports are available on the VLANs on which you will be

routing. Use the vlan router ip command. For example:

-> vlan 2 router ip 192.68.82.1

7 Apply the policy configuration using the qos apply command. For details about using this command,

see “Applying the Configuration” on page 24-46 in Chapter 24, “Configuring QoS.”

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Alcatel-Lucent 6600 Switch User Manual