Applying ACL Policy Files
ExtremeWare XOS 11.3 Concepts Guide
275
An ACL mask defines a unique match criteria and relative rule precedence. Masks are automatically
generated based on the contents of an access-list policy. Only adjacent rules within the policy that have
identical match criteria will utilize the same ACL mask. For this reason, it is advantageous to list all
rules with the same match criteria together unless relative precedence with other policy rules is
required. Using VLAN-based or wildcards ACLs requires that the ACL masks are allocated on every
port in the system. For example, consider the following 2 policies:
policy1.pol :
entry one {
if {
source-address 1.1.1.1/32;
} then {
count debug;
}
}
entry two {
if {
protocol tcp;
destination-port 23;
} then {
permit;
}
}
entry three {
if {
source-address 2.2.2.2/32;
} then {
deny;
}
}
policy2.pol :
entry one {
if {
source-address 1.1.1.1/32;
} then {
count debug;
}
}
entry three {
if {
source-address 2.2.2.2/32;
} then {
deny;
}
}
entry two {
if {
protocol tcp;
destination-port 23;
} then {
permit;
}
}
To Next Page
Loading...