Alcatel-Lucent 6850-48 网络指南

Configuring ACLs

page 41-10

OmniSwitch AOS Release 6 Network Configuration Guide

September 2009

The following table lists the keywords for the policy condition command that are typically used for the
different types of ACLs:

Note that the individual address, service, or port cannot be used in conjunction with the same type of
condition group. For example, you cannot specify in the same rule both a source MAC address and a
source MAC group.

Creating Policy Actions For ACLs

A policy action for IP filtering specifies a disposition, that is, whether the flow is accepted or denied on the
switch. To create a policy action, use the policy action command. Use the disposition keyword to define
whether the flow is accepted (accept) or denied (deny). For example:

-> policy action a1 disposition accept

If you do not specify a disposition for the policy action, the default (accept) will be used.

Layer 2 ACL Condition
Keywords

Layer 3/4 ACL Condition
Keywords

Multicast ACL Condition
Keywords

source mac
source mac group
destination mac
destination mac group
source vlan
source port
source port group
destination port
destination port group
ethertype
802.1p

source ip
source ipv6
source network group
destination ip
destination ipv6
destination network group
source ip port
destination ip port
service
service group
ip protocol
ipv6
nh
flow-label
destination port
destination port group
icmptype
icmpcode
tos
dscp
source tcp port
destination tcp port
source udp port
destination udp port
established
tcpflags

multicast ip
multicast network group
destination ip
destination vlan
destination port
destination port group
destination mac
destination mac group