Alcatel-Lucent 6850-48 网络指南

Configuring ACLs

Configuring ACLs

page 41-12

OmniSwitch AOS Release 6 Network Configuration Guide

In this example, the default bridged disposition is accept (the default). Since the default is accept, the qos 
default bridged disposition command would only need to be entered if the disposition had previously 
been set to deny. The command is shown here for completeness.

-> qos default bridged disposition accept

-> policy condition Address1 source mac 080020:112233 source vlan 5

-> policy action BlockTraffic disposition deny

-> policy rule FilterA condition Address1 action BlockTraffic

In this scenario, traffic with a source MAC address of 08:00:20:11:22:33 coming in on VLAN 5 would 
match condition Address1, which is a condition for a policy rule called FilterA. FilterA is then applied to 
the flow. Since FilterA has an action (BlockTraffic) that is set to deny traffic, the flow would be denied 
on the switch.

Note that although this example contains only Layer 2 conditions, it is possible to combine Layer 2 and 
Layer 3 conditions in the same policy. 

The QoS software in the switch filters routed and bridged traffic at Layer 3. 

For Layer 3 filtering, the QoS software in the switch classifies traffic based on:

• Source IP address or source network group

• Destination IP address or destination network group

• IP protocol

• ICMP code

• ICMP type

• Source TCP/UDP port

• Destination TCP/UDP port or service or service group

The following policy condition keywords are used for Layer 3 ACLs: 

Note that combining Layer 2 and Layer 3 conditions in the same policy is supported. Refer to 

 in