Alcatel-Lucent 6850-48 网络指南
Configuring ACLs
Configuring ACLs
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 41-9
Configuring ACLs
This section describes in detail the procedures for configuring ACLs. For more information about how to
configure policies in general, see
configure policies in general, see
Command syntax is described in detail
in the OmniSwitch CLI Reference Guide.
The basic commands for configuring ACL rules are the same as those for configuring policy rules:
policy condition
policy action
policy rule
policy action
policy rule
Creating Policy Conditions For ACLs
A policy condition for IP filtering may include a particular source IP address, destination IP address,
source IP port, or destination IP port. Or, the condition may simply refer to the network group, MAC
group, port group, or service group. Typically ACLs use group keywords in policy conditions. A single
rule, therefore, filters traffic for multiple addresses or ports.
source IP port, or destination IP port. Or, the condition may simply refer to the network group, MAC
group, port group, or service group. Typically ACLs use group keywords in policy conditions. A single
rule, therefore, filters traffic for multiple addresses or ports.
For example:
-> policy port group pgroup1 3/1-2 4/3 5/4
-> policy condition c2 source port group pgroup1
In this example, a Layer 2 condition (c2) specifies that traffic matches the ports included of the pgroup1
port group. The condition also specifies that the port group is a source group. Any traffic coming in on
ports 1 or 2 on slot 3, port 3 on slot 4, or port 4 on slot 5 will match condition c2.
port group. The condition also specifies that the port group is a source group. Any traffic coming in on
ports 1 or 2 on slot 3, port 3 on slot 4, or port 4 on slot 5 will match condition c2.
For more information about condition groups, see
.