Alcatel-Lucent 6850-48 ネットワークガイド

Configuring ACLs

ACL Configuration Overview

OmniSwitch AOS Release 6 Network Configuration Guide

page 41-7

For more information about supported combinations, see 

 in 

This section describes the QoS CLI commands used specifically to configure ACLs. ACLs are basically a 
type of QoS policy, and the commands used to configure ACLs are a subset of the switch’s QoS 
commands. For information about basic configuration of QoS policies, see 

To configure an ACL, the following general steps are required:

1 Set the global disposition. This step is described in 

2 Create a condition for the traffic to be filtered. This step is described in 

.

3 Create an action to accept or deny the traffic. This step is described in 

4 Create a policy rule that combines the condition and the action. This step is described in 

For a quick tutorial on how to configure ACLs, see 

.

By default, flows that do not match any policies are accepted on the switch. You may configure the switch 
to deny any flow that does not match a policy. 

Note. Note that the global disposition setting applies to all policy rules on the switch, not just those that 
are configured for ACLs. 

The global commands include:

To change the global default dispositions, use these commands with the desired disposition value (accept, 
drop, or deny). 

For Layer 3 ACLs, it is recommended that the global dispositions be set to deny. For example, the follow-
ing command drops any routed traffic coming into the switch that does not match a policy:

-> qos default routed disposition deny

Policies may then be set up to allow routed traffic through the switch. 

Note that in the current release of Alcatel-Lucent’s QoS software, the drop and deny keywords produce 
the same result (flows are silently dropped; no ICMP message is sent).