Configuring ACLs ACL Overview
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 25-7
Interaction With Other Features
• IP Routing—IP routing must be enabled on the switch for Layer 3 ACLs. See Chapter 14,
“Configuring IP,” for more information about setting up routing.
• Routing Protocols—Layer 3 filtering is compatible with routing protocols on the switch, including
RIP and OSPF. If VRRP is also running, all VRRP routers on the LAN must be configured with the
same filtering rules; otherwise, the security of the network will be compromised. For more
information about VRRP, see Chapter 19, “Configuring VRRP.”
• Bridging—Layer 2 ACLs are supported for bridged traffic. Layer 3 ACLs are typically
applied only to routed traffic, but the switch may be set to classify Layer 3 information in bridged
frames. For information about configuring the switch to classify Layer 3 information in bridged
frames, see “Classifying Bridged Traffic as Layer 3” on page 24-18.
Valid Combinations
There are limitations to the types of conditions that may be combined in a single rule. A brief overview of
these limitations is listed here:
• Layer 2 and Layer 3/4 conditions should not be combined.
• Source and destination parameters cannot be combined in Layer 2 conditions; source and destination
parameters may be combined in Layer 3/4 conditions.
• Type of Service (ToS) and Differentiated Services Code Point (DSCP) values cannot be combined in a
single condition.
• Individual items and their corresponding groups cannot be combined in the same condition. For
example, a source IP address cannot be included in a condition with a source IP network group.
For more information about supported combinations, see “Condition Combinations” on page 24-6 and
“Condition/Action Combinations” on page 24-7 in Chapter 24, “Configuring QoS.”
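
The four limitations listed above can be checked mechanically before a set of conditions is applied to the switch. The following is an added example, not part of the original guide. The parameter names are hypothetical labels rather than switch CLI keywords, and the classification of MAC parameters as Layer 2 and of IP, ToS and DSCP parameters as Layer 3/4 is an assumption.

```python
# Added example: lint condition definitions against the "Valid Combinations" list.
# Parameter names are hypothetical labels for this sketch, not CLI keywords.
L2_PARAMS = {"source_mac", "destination_mac"}            # assumed Layer 2
L34_PARAMS = {"source_ip", "destination_ip",             # assumed Layer 3/4
              "source_network_group", "destination_network_group",
              "tos", "dscp"}
# Individual item -> its corresponding group (the guide's source IP example,
# plus the destination counterpart as an assumption).
ITEM_TO_GROUP = {"source_ip": "source_network_group",
                 "destination_ip": "destination_network_group"}

def check_condition(params):
    """Return a list of rule codes violated by one condition's parameter set."""
    params = set(params)
    problems = ["unknown:" + p for p in sorted(params - L2_PARAMS - L34_PARAMS)]
    l2 = params & L2_PARAMS
    # Layer 2 and Layer 3/4 conditions should not be combined.
    if l2 and params & L34_PARAMS:
        problems.append("l2-l3-mix")
    # Source and destination cannot be combined in Layer 2 conditions.
    if any(p.startswith("source_") for p in l2) and \
       any(p.startswith("destination_") for p in l2):
        problems.append("l2-src-dst")
    # ToS and DSCP cannot be combined in a single condition.
    if {"tos", "dscp"} <= params:
        problems.append("tos-dscp")
    # An item cannot appear together with its corresponding group.
    for item, group in ITEM_TO_GROUP.items():
        if item in params and group in params:
            problems.append("item-group:" + item)
    return problems

def audit(conditions):
    """Map condition name -> violations, omitting conditions that pass."""
    report = {name: check_condition(p) for name, p in conditions.items()}
    return {name: probs for name, probs in report.items() if probs}

# Constructed sample conditions (not taken from the guide).
SAMPLE = {
    "c_ok": {"source_ip", "destination_ip", "dscp"},
    "c_mixed": {"source_mac", "destination_ip"},
    "c_l2_both": {"source_mac", "destination_mac"},
    "c_tos_dscp": {"source_ip", "tos", "dscp"},
    "c_item_group": {"source_ip", "source_network_group"},
}

if __name__ == "__main__":
    for name, probs in audit(SAMPLE).items():
        print(name, "->", ", ".join(probs))
```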