Alcatel-Lucent 6850, 9000, 6800 user manual ACL Manager

Page 17

Software Supported

TCP connection rules—Allows the determination of an established TCP connection by examining TCP flags found in the TCP header of the packet. Two condition parameters are available for defining a TCP connection ACL: established and tcpflags.
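The flag test behind these two parameters, as an added Python example (not from the Alcatel-Lucent manual). It assumes the common industry convention that `established` matches a packet with ACK or RST set; `matches_tcpflags` is a hypothetical helper modelling an explicit flag match, and the headers are constructed samples.

```python
import struct

# Flag bits in byte 13 of the TCP header.
FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10, "urg": 0x20}

def build_header(sport, dport, *flags):
    """Constructed sample: a minimal 20-byte TCP header carrying the given flags."""
    bits = 0
    for name in flags:
        bits |= FLAGS[name]
    # sport, dport, seq, ack, data offset (5 words), flags, window, checksum, urgent
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, bits, 65535, 0, 0)

def flag_names(header):
    """Return the set of flag names that are set in a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return {name for name, bit in FLAGS.items() if header[13] & bit}

def is_established(header):
    """Assumed meaning of 'established': ACK or RST is set (per-packet, stateless)."""
    return bool(flag_names(header) & {"ack", "rst"})

def matches_tcpflags(header, must_set=(), must_clear=()):
    """Hypothetical explicit match: every must_set flag on, every must_clear flag off."""
    names = flag_names(header)
    return set(must_set) <= names and not (set(must_clear) & names)

def inbound_decision(header):
    """Permit return traffic only; a bare SYN (new inbound connection) is denied."""
    return "permit" if is_established(header) else "deny"

SAMPLES = {  # constructed packets
    "new connection (SYN)": build_header(40000, 22, "syn"),
    "handshake reply (SYN+ACK)": build_header(22, 40000, "syn", "ack"),
    "data (PSH+ACK)": build_header(22, 40000, "psh", "ack"),
    "reset (RST)": build_header(22, 40000, "rst"),
}

def demo():
    return {label: inbound_decision(hdr) for label, hdr in SAMPLES.items()}

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:28s} {verdict}")
```

Because the match reads only the header of each packet, it does not track whether the connection actually exists; it is a filter on flags, not a stateful inspection.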

Early ARP discard—ARP packets destined for other hosts are discarded to reduce processing overhead and exposure to ARP DoS attacks. No configuration is required to use this feature; it is always available and active on the switch. Note that ARPs intended for use by a local subnet, AVLAN, and VRRP are not discarded.

UserPorts—A port group that identifies its members as user ports to prevent spoofed IP traffic. When a port is configured as a member of this group, packets received on the port are dropped if they contain a source IP network address that does not match the IP subnet for the port.

UserPorts Profile—In addition to filtering spoofed traffic, a global UserPorts profile can be configured to specify additional types of traffic, such as BPDU, RIP, OSPF, and/or BGP, to monitor on user ports. The UserPorts profile also determines whether user ports will filter the unwanted traffic or will be administratively shut down when the traffic is received. Note that this profile only applies to those ports that are designated as members of the UserPorts port group.
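A small Python model of the per-packet decision described for the UserPorts group and its profile, added here as an illustration and not taken from the manual or from switch code. The class names, port names and documentation-range addresses are assumptions, and the model assumes spoofed packets are always dropped while the filter/shutdown choice applies to the profile's listed traffic types.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class UserPortsProfile:
    monitored: set = field(default_factory=set)  # e.g. {"bpdu", "rip", "ospf", "bgp"}
    mode: str = "filter"                         # "filter" or "shutdown"

@dataclass
class Port:
    name: str
    subnet: str              # IP subnet configured for the port
    user_port: bool = False  # member of the UserPorts port group?
    admin_up: bool = True

def ingress(port, profile, src_ip=None, kind="ip"):
    """Decide what happens to one packet received on `port`.

    Returns "forward", "drop", "shutdown" or "port-down".
    """
    if not port.admin_up:
        return "port-down"
    if not port.user_port:
        return "forward"  # group and profile apply to UserPorts members only
    if kind in profile.monitored:
        if profile.mode == "shutdown":
            port.admin_up = False  # port is administratively disabled
            return "shutdown"
        return "drop"
    if src_ip is not None and ip_address(src_ip) not in ip_network(port.subnet):
        return "drop"  # source address outside the port's subnet: spoofed
    return "forward"

def demo():
    profile = UserPortsProfile(monitored={"bpdu", "rip"}, mode="shutdown")
    access = Port("1/1", "192.0.2.0/24", user_port=True)  # constructed sample ports
    uplink = Port("1/24", "192.0.2.0/24")
    return [
        ingress(access, profile, src_ip="192.0.2.10"),    # legitimate host
        ingress(access, profile, src_ip="198.51.100.7"),  # spoofed source
        ingress(uplink, profile, kind="bpdu"),            # not a user port
        ingress(access, profile, kind="bpdu"),            # monitored type, shutdown mode
        ingress(access, profile, src_ip="192.0.2.10"),    # port is now down
    ]

if __name__ == "__main__":
    print(demo())
```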

DropServices—A service group that improves the performance of ACLs that are intended to deny packets destined for specific TCP/UDP ports. This group only applies to ports that are members of the UserPorts group. Using the DropServices group for this function minimizes processing overhead, which otherwise could lead to a DoS condition for other applications trying to use the switch.

ACL Manager

The Access Control List Manager (ACLMAN) is a function of the Quality of Service (QoS) application that provides an interactive shell for using common industry syntax to create ACLs. Commands entered using the ACLMAN shell are interpreted and converted to Alcatel CLI syntax that is used for creating QoS filtering policies.

This implementation of ACLMAN also provides the following features:

Importing of text files that contain common industry ACL syntax.

Support for both standard and extended ACLs.

Creating ACLs on a single command line.

The ability to assign a name, instead of a number, to an ACL or a group of ACL entries.

Sequence numbers for named ACL statements.

Modifying specific ACL entries without having to enter the entire ACL each time to make a change.

The ability to add and display ACL comments.

ACL logging extensions to display Layer 2 through 4 packet information associated with an ACL.

ACLMAN is supported on the OmniSwitch 6850 Series. The 6.1.3.R01 release provides support for this feature on the OmniSwitch 9000 Series.

OmniSwitch 6800/6850/9000—Release 6.1.3.R01
