Alcatel-Lucent OmniSwitch 6800 Series - ACL Configuration Overview; Setting the Global Disposition

To Next Page

To Previous Page

Configuring ACLs ACL Configuration Overview

OmniSwitch 6800/6850/9000 Network Configuration Guide March 2008 page 31-7

For more information about supported combinations, see “Condition Combinations” on page 30-6 and

“Action Combinations” on page 30-8 in Chapter 30, “Configuring QoS.”

ACL Configuration Overview

This section describes the QoS CLI commands used specifically to configure ACLs. ACLs are basically a

type of QoS policy, and the commands used to configure ACLs are a subset of the switch’s QoS

commands. For information about basic configuration of QoS policies, see Chapter 30, “Configuring

QoS.”

To configure an ACL, the following general steps are required:

1 Set the global disposition. This step is described in “Setting the Global Disposition” on page 31-7.

2 Create a condition for the traffic to be filtered. This step is described in “Creating Condition Groups

For ACLs” on page 31-8 and “Creating Policy Conditions For ACLs” on page 31-9.

3 Create an action to accept or deny the traffic. This step is described in “Creating Policy Actions For

ACLs” on page 31-10.

4 Create a policy rule that combines the condition and the action. This step is described in “Creating

Policy Rules for ACLs” on page 31-11.

For a quick tutorial on how to configure ACLs, see “Quick Steps for Creating ACLs” on page 31-4.

Setting the Global Disposition

By default, flows that do not match any policies are accepted on the switch. You may configure the switch

to deny any flow that does not match a policy.

Note. Note that the global disposition setting applies to all policy rules on the switch, not just those that

are configured for ACLs.

The global commands include:

qos default bridged disposition

qos default routed disposition

To change the global default dispositions, use these commands with the desired disposition value (accept,

drop, or deny).

For Layer 3 ACLs, it is recommended that the global dispositions be set to deny. For example, the follow-

ing command drops any routed traffic coming into the switch that does not match a policy:

-> qos default routed disposition deny

Policies may then be set up to allow routed traffic through the switch.

Note that in the current release of Alcatel-Lucent’s QoS software, the drop and deny keywords produce

the same result (flows are silently dropped; no ICMP message is sent).

Other manuals for Alcatel-Lucent OmniSwitch 6800 Series