Configuring ACLs ACL Overview
OmniSwitch 6800/6850/9000 Network Configuration Guide March 2008 page 31-5
ACL Overview
ACLs provide moderate security between networks. The following illustration shows how ACLs may be
used to filter subnetwork traffic through a private network, functioning like an internal firewall for LANs.
When traffic arrives on the switch, the switch checks its policy database to attempt to match Layer 2 or
Layer 3/4 information in the protocol header to a filtering policy rule. If a match is found, it applies the
relevant disposition to the flow. Disposition determines whether a flow is allowed or denied. There is a
global disposition (the default is accept), and individual rules may be set up with their own dispositions.
Note. In some network situations, it is recommended that the global disposition be set to deny, and that
rules be created to allow certain types of traffic through the switch. To set the global disposition to deny,
use the qos default bridged disposition and qos default routed disposition commands. See “Setting the
Global Disposition” on page 31-7 for more information about these commands.
When multiple policy rules exist for a particular flow, each policy is applied to the flow as long as there
are no conflicts between the policies. If there is a conflict, then the policy with the highest precedence is
applied to the flow. See “Rule Precedence” on page 31-6 for more information about precedence.
Note. QoS policy rules may also be used for traffic prioritization and other network scenarios. For a
general discussion of QoS policy rules, see Chapter 30, “Configuring QoS.”
OmniSwitch
Subnetwork
Subnetwork
Subnetwork
Private
Network
Public
Network
router
OmniSwitch
Filtering Rules
(ACLs)
Basic ACL Application
To Next Page
Loading...
