Device-wide policy lists
You can attach a policy list (other than a policy-based routing list) to every interface on the
Branch Gateway using one command. To do this, attach a list to the Loopback 1 interface. For
more information, see
Policy list attachments on page 564.
Note:
If you attach a policy list to a Loopback interface other than Loopback 1, the policy list has
no effect.
When you attach a policy list to the Loopback 1 interface, thereby creating a device-wide policy
list, and you also attach policy lists to specific interfaces, the Branch Gateway applies the lists
in the following order:
• Incoming packets:
a. Apply the ingress policy lists that are attached to the interface
b. Apply the device-wide ingress policy lists
• Outgoing packets:
a. Apply the device-wide egress policy lists
b. Apply the egress policy lists that are attached to the interface
Defining global rules
About this task
In an access control list, you can define global rules for packets that contain IP fragments and
IP options. These rules apply to all packets. This is in contrast to individual rules, which apply
to packets that match certain defined criteria. See Policy rule configuration on page 568.
The Branch Gateway applies global rules before applying individual rules.
Procedure
1. Enter the context of the access control list in which you want to define the rule.
2. Enter one of the following commands, followed by the name of a composite
command:
• ip-fragments-in. Applies to incoming packets that contain IP fragments
• ip-option-in. Applies to incoming packets that contain IP options
Policy lists
Administering Avaya G430 Branch Gateway October 2013 567
To Next Page
Loading...
