Alcatel-Lucent 6600 Switch User Manual

Open as PDF

of 654

Creating Condition Groups For ACLs Configuring ACLs

page 25-10 OmniSwitch 6600 Family Network Configuration Guide April 2006

Creating Condition Groups For ACLs

Condition groups for ACLs are made up of multiple IP addresses, MAC addresses, services, or IP ports to

which you want to apply the same disposition. Instead of creating a separate condition for each policy rule,

create a condition group and associate the group with the condition. This reduces the number of rules you

would have to configure (one for each address, service, or port).

The commands used for creating condition groups include:

policy network group

policy mac group

policy service

policy service group

policy port group

For example:

-> policy network group netgroup2 10.10.5.1 10.10.5.2 10.10.5.3

-> policy condition cond2 source network group netgroup2

This command configures a network group (netgroup2) of three IP addresses. The network group is then

configured as part of a policy condition (cond2). The condition specifies that the addresses in the group

are source addresses. (For all condition groups except service groups, the policy condition specifies

whether the condition group is a source or destination group.)

If a network group was not used, a separate condition would have to be created for each IP address. Subse-

quently, a corresponding rule would have to be created for each condition. Using a network group reduces

the number of rules required.

For more details about using groups in policy conditions, see “Using Condition Groups in Policies” on

page 24-34 in Chapter 24, “Configuring QoS.”

Configuring ACLs

This section describes in detail the procedures for configuring ACLs. For more information about how to

configure policies in general, see Chapter 24, “Configuring QoS.” Command syntax is described in detail

in the OmniSwitch CLI Reference Guide.

The basic commands for configuring ACL rules are the same as those for configuring policy rules:

policy condition

policy action

policy rule

Creating Policy Conditions For ACLs

A policy condition for IP filtering may include a particular source IP address, destination IP address,

source IP port, or destination IP port. Or, the condition may simply refer to the network group, MAC

group, port group, or service group. Typically ACLs use group keywords in policy conditions. A single

rule, therefore, filters traffic for multiple addresses or ports.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Alcatel-Lucent 6600 Switch User Manual