Cabletron Systems SmartSwitch manual Following SSR features use ACL profiles

Chapter 17: Access Control List Configuration Guide

The following SSR features use ACL profiles:

Note the following about using Profile ACLs:

•Only IP ACLs can be used as Profile ACLs. ACLs for non-IP protocols cannot be used as Profile ACLs.

•The permit/deny keywords, while required in the ACL rule definition, are disregarded in the configuration commands for the above-mentioned features. In other words, the configuration commands will act upon a specified Profile ACL whether or not the Profile ACL rule contains the permit or deny keyword.

•Unlike with other kinds of ACLs, there is no implicit deny rule for Profile ACLs.

•Only certain ACL rule parameters are relevant for each configuration command. For example, the configuration command to create NAT address pools for dynamic bindings (the nat create dynamic command) only looks at the source IP address in the specified ACL rule. The destination IP address, ports, and TOS parameters, if specified, are ignored.

Specific usage of Profile ACLs is described in more detail in the following sections.

Using Profile ACLs with the IP Policy Facility

The IP policy facility uses a Profile ACL to define criteria that determines which packets should be forwarded according to an IP policy. Packets that meet the criteria defined in the Profile ACL are forwarded according to the ip-policycommand that references the Profile ACL.

For example, you can define an IP policy that causes all telnet packets travelling from source network 9.1.1.0/24 to destination network 15.1.1.0/24 to be forwarded to destination address 10.10.10.10. You use a Profile ACL to define the selection criteria (in this case, telnet packets travelling from source network 9.1.1.0/24 to destination network