Alcatel-Lucent 6850-48 Network Guide
Quick Steps for Creating ACLs
Configuring ACLs
page 41-4
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Quick Steps for Creating ACLs
1 Set the global disposition for bridged or routed traffic. By default, all flows that do match any policies
are allowed on the switch. Typically, you may want to deny traffic for all Layer 3 flows that come into the
switch and do not match a policy, but allow any Layer 2 (bridged) flows that do not match policies. For
example:
are allowed on the switch. Typically, you may want to deny traffic for all Layer 3 flows that come into the
switch and do not match a policy, but allow any Layer 2 (bridged) flows that do not match policies. For
example:
-> qos default routed disposition deny
2 Create policy condition groups for multiple addresses or services that you want to filter. (If you have a
single address to filter, you can skip this step and simply include the address, service, or port in the policy
condition.) An example:
single address to filter, you can skip this step and simply include the address, service, or port in the policy
condition.) An example:
-> policy network group NetGroup1 192.68.82.0 mask 255.255.255.0 192.60.83.0
mask 255.255.255.0
3 Create a policy condition using the policy condition command. If you created a network group, MAC
group, service group, or port group, specify the group as part of the condition.
group, service group, or port group, specify the group as part of the condition.
-> policy condition Lab3 source network group NetGroup1
Note. (Optional) Test the condition with the show policy classify command using information from the
policy condition. For example:
policy condition. For example:
-> show policy classify l3 source ip 192.68.82.0
This command displays information about whether the indicated parameter may be used to classify traffic
based on policies that are configured on the switch. For more information about testing conditions, see
based on policies that are configured on the switch. For more information about testing conditions, see
4 Create a policy action with the policy action command. Use the keyword disposition and indicate
whether the flow(s) should be accepted or denied.
whether the flow(s) should be accepted or denied.
-> policy action Yes disposition accept
5 Create a policy rule with the policy rule command and include the relevant condition and action. Use
the keyword precedence to specify the priority of this rule over other rules for traffic matching the speci-
fied condition.
the keyword precedence to specify the priority of this rule over other rules for traffic matching the speci-
fied condition.
-> policy rule lab_rule1 condition Lab3 action Yes precedence 65535
6 Apply the policy configuration using the qos apply command. For details about using this command,
see
see
in