Cabletron Systems 9032578-05 manual Using ACLs as Profiles, SSR Feature ACL Profile Usage

Chapter 19: Access Control List Configuration Guide

Like ACLs that are applied to interfaces, ACLs that are applied to Layer 4 bridging ports can be applied to either inbound or outbound traffic. For each port, only one ACL can be applied for the inbound direction and one for the outbound direction. You can apply two ACLs to the same port if one is for inbound traffic and one is for outbound traffic.

To apply an ACL to a port, enter the following command in Configure Mode:

See “Layer-4 Bridging and Filtering” on page 286 for information on configuring Layer-4 Bridging on the SSR.

Using ACLs as Profiles

You can use the acl command to define a profile. A profile specifies the criteria that addresses, flows, hosts, or packets must meet to be relevant to certain SSR features. Once you have defined an ACL profile, you can use the profile with the configuration command for that feature. For example, the Network Address Translation (NAT) feature on the SSR allows you to create address pools for dynamic bindings. You use ACL profiles to represent the appropriate pools of IP addresses.

The following SSR features use ACL profiles:

Note the following about using Profile ACLs:

•Only IP ACLs can be used as Profile ACLs. ACLs for non-IP protocols cannot be used as Profile ACLs.

•The permit/deny keywords, while required in the ACL rule definition, are disregarded in the configuration commands for the above-mentioned features. In other words, the configuration commands will act upon a specified Profile ACL whether or not the Profile ACL rule contains the permit or deny keyword.