Chapter 19: Access Control List Configuration Guide

Like ACLs that are applied to interfaces, ACLs that are applied to Layer 4 bridging ports can be applied to either inbound or outbound traffic. For each port, only one ACL can be applied for the inbound direction and one for the outbound direction. You can apply two ACLs to the same port if one is for inbound traffic and one is for outbound traffic.

To apply an ACL to a port, enter the following command in Configure Mode:

Apply a Layer-4 bridging ACL to a port:

    acl <name> apply port <port-list>

See “Layer-4 Bridging and Filtering” on page 286 for information on configuring Layer-4 Bridging on the SSR.

Using ACLs as Profiles

You can use the acl command to define a profile. A profile specifies the criteria that addresses, flows, hosts, or packets must meet to be relevant to certain SSR features. Once you have defined an ACL profile, you can use the profile with the configuration command for that feature. For example, the Network Address Translation (NAT) feature on the SSR allows you to create address pools for dynamic bindings. You use ACL profiles to represent the appropriate pools of IP addresses.

The following SSR features use ACL profiles:

SSR Feature      ACL Profile Usage
---------------  ------------------------------------------------------------
IP policy        Specifies the packets that are subject to the IP routing policy.
Dynamic NAT      Defines local address pools for dynamic bindings.
Port mirroring   Defines traffic to be mirrored.
Rate limiting    Specifies the incoming traffic flow to which rate limiting is applied.
Web caching      Specifies which HTTP traffic should always (or never) be redirected to the cache servers.
                 Specifies characteristics of Web objects that should not be cached.

Note the following about using Profile ACLs:

Only IP ACLs can be used as Profile ACLs. ACLs for non-IP protocols cannot be used as Profile ACLs.

The permit/deny keywords, while required in the ACL rule definition, are disregarded in the configuration commands for the above-mentioned features. In other words, the configuration commands will act upon a specified Profile ACL whether or not the Profile ACL rule contains the permit or deny keyword.
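
The second note has a practical consequence: a deny rule written to exclude addresses from a profile still selects them. The following is an added illustration, not SSR code or part of the original manual. It is a simplified model that matches on source address only, the name NAT_POOL and its addresses are constructed, and the drop-on-no-match default in the filter case is an assumption.

```python
# Conceptual model only (not SSR code): contrasts how one ACL behaves as a
# traffic filter versus as a Profile ACL, where permit/deny is disregarded.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"; required in the rule definition
    src: str     # source network in CIDR form (simplified: source match only)

    def matches(self, src_ip: str) -> bool:
        return ip_address(src_ip) in ip_network(self.src)


def filter_decision(acl, src_ip):
    """ACL applied as a filter: the first matching rule decides."""
    for rule in acl:
        if rule.matches(src_ip):
            return rule.action
    return "deny"  # assumption: traffic matching no rule is dropped


def profile_selects(acl, src_ip):
    """ACL used as a profile: any matching rule selects; keyword is ignored."""
    return any(rule.matches(src_ip) for rule in acl)


def audit_profile(name, acl):
    """Flag deny rules in an ACL meant as a profile: they still select."""
    return [
        f"{name}: rule {i} 'deny {r.src}' is treated as a match, not an exclusion"
        for i, r in enumerate(acl, 1)
        if r.action == "deny"
    ]


# Constructed sample: the author intends to keep 10.1.1.0/24 out of the pool.
NAT_POOL = [Rule("deny", "10.1.1.0/24"), Rule("permit", "10.1.0.0/16")]

if __name__ == "__main__":
    for ip in ("10.1.1.7", "10.1.2.7", "192.168.0.1"):
        print(ip, filter_decision(NAT_POOL, ip), profile_selects(NAT_POOL, ip))
    print("\n".join(audit_profile("NAT_POOL", NAT_POOL)))
```

To exclude addresses from a profile under this model, leave them out of the rule set so that no rule matches them, rather than adding a deny rule.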

SmartSwitch Router User Reference Manual

Cabletron Systems 9032578-05 manual