Alcatel-Lucent 6600 Switch User Manual


 
Configuring ACLs Using ACL Security Features
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 25-21
Configuring ICMP Drop Rules
Combining a Layer 2 condition for source VLAN with a Layer 3 condition for IP protocol is supported.
Use these two conditions together in a policy to block ICMP echo request and reply packets without
impacting switch performance.
The following example defines an ACL policy that blocks ICMP echo request and reply packets on source
VLAN 10:
-> policy condition ping10 source vlan 10 ip protocol 1
-> policy action drop disposition drop
-> policy rule noping10 condition ping10 action drop
-> qos apply
Note that the above policy only blocks ICMP echo traffic; all other ICMP traffic is still allowed.
Configuring a BPDUShutdownPorts Group
To block BPDUs on certain ports, add the desired ports to a port group called BPDUShutdownPorts. For
example, the following policy port group command adds ports 3/1-24 and 4/1-24 to the
BPDUShutdownPorts group:
-> policy port group BPDUShutdownPorts 3/1-24 4/1-24
-> qos apply
Note that it is not necessary to include the BPDUShutdownPorts group in a condition and/or rule for the
group to take effect. In addition, this group must be specified using the exact capitalization shown in the
above example.
Once ports are designated as members of the BPDUShutdownPorts group, BPDUs are blocked by
administratively shutting down a port when the port receives a BPDU. To restore a disabled port to enabled
status, disconnect and reconnect the cable or use the interfaces admin command to administratively
enable the port.
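Because the group name is case-sensitive, a mistyped name leaves the intended ports unprotected. The following check is an added example, not part of the original manual: it audits a change script before it is pushed to the switch. It assumes the script uses the same command form shown above (with or without the "->" prompt); the function names, the sample script and the list of expected ports are hypothetical.

```python
import re

GROUP = "BPDUShutdownPorts"  # reserved name; the manual requires this exact capitalization

def expand(spec):
    """Expand '3/1-24' or '4/7' into a set of 'slot/port' strings."""
    m = re.fullmatch(r"(\d+)/(\d+)(?:-(\d+))?", spec)
    if not m:
        raise ValueError(f"unrecognized port spec: {spec!r}")
    slot, first = m.group(1), int(m.group(2))
    last = int(m.group(3) or first)
    if last < first:
        raise ValueError(f"descending port range: {spec!r}")
    return {f"{slot}/{p}" for p in range(first, last + 1)}

def audit(script, edge_specs):
    """Return (findings, unprotected_ports) for a change script and the ports expected in the group."""
    protected, findings, pending = set(), [], False
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if line.startswith("->"):  # tolerate the CLI prompt shown in the manual
            line = line[2:]
        words = line.split()
        if words[:3] == ["policy", "port", "group"] and len(words) >= 5:
            name, specs = words[3], words[4:]
            if name == GROUP:
                for s in specs:
                    protected |= expand(s)
                pending = True  # change is not active until 'qos apply'
            elif name.lower() == GROUP.lower():
                findings.append(f"line {n}: group {name!r} is not spelled {GROUP!r}")
        elif words == ["qos", "apply"]:
            pending = False
    if pending:
        findings.append(f"no 'qos apply' after the last {GROUP} change")
    expected = set()
    for s in edge_specs:
        expected |= expand(s)
    # Sort numerically by slot, then port, for a readable report.
    missing = sorted(expected - protected, key=lambda p: tuple(map(int, p.split("/"))))
    return findings, missing

# Constructed sample change script (not from the manual): the second group name is mis-capitalized.
SAMPLE = """\
-> policy port group BPDUShutdownPorts 3/1-24
-> policy port group bpduShutdownPorts 4/1-24
-> qos apply
"""

if __name__ == "__main__":
    findings, missing = audit(SAMPLE, ["3/1-24", "4/1-24"])
    for f in findings:
        print("FINDING:", f)
    print(f"{len(missing)} expected ports not in {GROUP}:", ", ".join(missing))
```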