Alcatel-Lucent 6850-48 Network Guide
Configuring ACLs
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 41-5
ACL Overview
ACLs provide moderate security between networks. The following illustration shows how ACLs may be
used to filter subnetwork traffic through a private network, functioning like an internal firewall for LANs.
When traffic arrives on the switch, the switch checks its policy database to attempt to match Layer 2 or
Layer 3/4 information in the protocol header to a filtering policy rule. If a match is found, it applies the
relevant disposition to the flow. Disposition determines whether a flow is allowed or denied. There is a
global disposition (the default is accept), and individual rules may be set up with their own dispositions.
Note. In some network situations, it is recommended that the global disposition be set to deny, and that
rules be created to allow certain types of traffic through the switch. To set the global disposition to deny,
use the
commands. See
for more information about these commands.
When multiple policy rules exist for a particular flow, each policy is applied to the flow as long as there
are no conflicts between the policies. If there is a conflict, then the policy with the highest precedence is
applied to the flow. See
for more information about precedence.
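A simplified model of the matching logic described above, as an added example that is not from the OmniSwitch guide and is not AOS code. The `Flow` and `Rule` types, the rule names and the addresses are constructed, and "highest precedence" is assumed to mean the largest numeric value.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    """Header fields of one flow (constructed sample data, not a capture)."""
    src_ip: str
    dst_ip: str
    protocol: str            # "tcp" or "udp"
    dst_port: int

@dataclass(frozen=True)
class Rule:
    """Hypothetical filtering rule; a field left as None matches any value."""
    name: str
    precedence: int          # assumption: larger number wins a conflict
    disposition: str         # "accept" or "deny"
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    protocol: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, flow: Flow) -> bool:
        def in_net(ip, net):
            return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        return (in_net(flow.src_ip, self.src_net)
                and in_net(flow.dst_ip, self.dst_net)
                and self.protocol in (None, flow.protocol)
                and self.dst_port in (None, flow.dst_port))

def evaluate(flow, rules, global_disposition="accept"):
    """Return (disposition, name of the deciding rule or 'global')."""
    matched = [r for r in rules if r.matches(flow)]
    if not matched:          # no rule matched: the global disposition decides
        return global_disposition, "global"
    winner = max(matched, key=lambda r: r.precedence)
    return winner.disposition, winner.name

def fallthrough(flows, rules):
    """Flows that no rule covers, i.e. those decided by the global disposition."""
    return [f for f in flows if evaluate(f, rules)[1] == "global"]

# Constructed rule set: block one subnet from another, except HTTPS.
RULES = [
    Rule("deny-eng-to-fin", 100, "deny", src_net="10.1.0.0/16", dst_net="10.2.0.0/16"),
    Rule("allow-eng-to-fin-https", 200, "accept", "10.1.0.0/16", "10.2.0.0/16", "tcp", 443),
]
```

Running `fallthrough` over a sample of expected traffic lists the flows that only the global disposition decides, which is the set whose treatment changes when the default is switched from accept to deny.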
Note. QoS policy rules may also be used for traffic prioritization and other network scenarios. For a
general discussion of QoS policy rules, see
[Figure: Basic ACL Application. Labels: OmniSwitch with filtering rules (ACLs), three subnetworks, private network, router, public network.]