Alcatel-Lucent 6850-48 Network Guide

Configuring ACLs
ACL Overview
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 41-5
ACL Overview
ACLs provide moderate security between networks. The following illustration shows how ACLs may be 
used to filter subnetwork traffic through a private network, functioning like an internal firewall for LANs.
When traffic arrives on the switch, the switch checks its policy database to attempt to match Layer 2 or 
Layer 3/4 information in the protocol header to a filtering policy rule. If a match is found, it applies the 
relevant disposition to the flow. Disposition determines whether a flow is allowed or denied. There is a 
global disposition (the default is accept), and individual rules may be set up with their own dispositions.
Note. In some network situations, it is recommended that the global disposition be set to deny, and that 
rules be created to allow certain types of traffic through the switch. To set the global disposition to deny, 
use th
 for more information about these commands.
When multiple policy rules exist for a particular flow, each policy is applied to the flow as long as there 
are no conflicts between the policies. If there is a conflict, then the policy with the highest precedence is 
applied to the flow. See 
 for more information about precedence.
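The matching behavior described above, as an added Python model that is not taken from the guide and is not AOS code: a flow is checked against every rule, the highest-precedence match decides, and the global disposition applies when nothing matches. The class names, sample subnets, and the convention that a larger precedence number wins are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    disposition: str                # "accept" or "deny"
    precedence: int                 # assumption: larger value wins a conflict
    src_net: Optional[str] = None   # None acts as a wildcard
    dst_net: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, flow: Flow) -> bool:
        def inside(ip: str, net: Optional[str]) -> bool:
            return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        return (inside(flow.src_ip, self.src_net)
                and inside(flow.dst_ip, self.dst_net)
                and self.dst_port in (None, flow.dst_port))

def evaluate(flow, rules, global_disposition="accept"):
    """Return (disposition, name of the deciding rule or None)."""
    matched = [r for r in rules if r.matches(flow)]
    if not matched:
        # No rule matched: the global disposition decides.
        return global_disposition, None
    # Conflicting matches: the highest-precedence rule is applied.
    winner = max(matched, key=lambda r: r.precedence)
    return winner.disposition, winner.name

# Constructed sample policy: block subnet 10.1/16 from 10.2/16 except HTTPS.
RULES = [
    Rule("deny_a_to_b", "deny", 100, "10.1.0.0/16", "10.2.0.0/16"),
    Rule("allow_a_to_b_https", "accept", 200, "10.1.0.0/16", "10.2.0.0/16", 443),
]

if __name__ == "__main__":
    flows = [Flow("10.1.5.5", "10.2.0.10", 443),   # both rules match
             Flow("10.1.5.5", "10.2.0.10", 22),    # only the deny rule matches
             Flow("10.3.1.1", "10.2.0.10", 22)]    # no rule matches
    for g in ("accept", "deny"):
        for f in flows:
            print(g, f, evaluate(f, RULES, g))
```

With the global disposition left at accept, the third flow passes because no rule names its source subnet; setting it to deny closes that gap without touching the rules.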
Note. QoS policy rules may also be used for traffic prioritization and other network scenarios. For a 
general discussion of QoS policy rules, see 
Figure: Basic ACL Application (diagram labels: OmniSwitch, Subnetwork, Private Network, Public Network, router, Filtering Rules (ACLs))