
Using acls as profiles – Cabletron Systems SMARTSWITCH ROUTER 9032578-05 User Manual

Chapter 19: Access Control List Configuration Guide

SmartSwitch Router User Reference Manual

Like ACLs that are applied to interfaces, ACLs that are applied to Layer 4 bridging ports
can be applied to either inbound or outbound traffic. For each port, only one ACL can be
applied for the inbound direction and one for the outbound direction. You can apply two
ACLs to the same port if one is for inbound traffic and one is for outbound traffic.

To apply an ACL to a port, enter the following command in Configure Mode:

| Apply a Layer-4 bridging ACL to a port | acl apply port |

See “Layer-4 Bridging and Filtering” on page 286 for information on configuring Layer-4 Bridging on the SSR.

Using ACLs as Profiles

You can use the acl command to define a profile. A profile specifies the criteria that
addresses, flows, hosts, or packets must meet to be relevant to certain SSR features. Once
you have defined an ACL profile, you can use the profile with the configuration command
for that feature. For example, the Network Address Translation (NAT) feature on the SSR
allows you to create address pools for dynamic bindings. You use ACL profiles to
represent the appropriate pools of IP addresses.

The following SSR features use ACL profiles:

| SSR Feature | ACL Profile Usage |
|---|---|
| IP policy | Specifies the packets that are subject to the IP routing policy. |
| Dynamic NAT | Defines local address pools for dynamic bindings. |
| Port mirroring | Defines traffic to be mirrored. |
| Rate limiting | Specifies the incoming traffic flow to which rate limiting is applied. |
| Web caching | Specifies which HTTP traffic should always (or never) be redirected to the cache servers. Specifies characteristics of Web objects that should not be cached. |

Note the following about using Profile ACLs:

- Only IP ACLs can be used as Profile ACLs. ACLs for non-IP protocols cannot be used
  as Profile ACLs.

- The permit/deny keywords, while required in the ACL rule definition, are disregarded
  in the configuration commands for the above-mentioned features. In other words, the
  configuration commands will act upon a specified Profile ACL whether or not the
  Profile ACL rule contains the permit or deny keyword.
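
The note on the permit/deny keywords, modelled in Python as an added example (not code from the manual or from the SSR itself): the same rule list is evaluated once as a traffic filter and once as a profile, and the addresses where the two readings disagree are listed for review. The Rule shape, the source-prefix-only match, the implicit deny for unmatched traffic, and the reading that any matching rule selects an address for a profile are assumptions of this model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny" (required in every rule definition)
    source: str   # source prefix in CIDR form (simplified, hypothetical rule shape)

    def matches(self, addr: str) -> bool:
        return ip_address(addr) in ip_network(self.source)

def filter_decision(acl, addr):
    """ACL applied to an interface or port: the first matching rule decides.
    Assumption of this model: traffic that matches no rule is denied."""
    for rule in acl:
        if rule.matches(addr):
            return rule.action
    return "deny"

def profile_selects(acl, addr):
    """ACL used as a profile: only the match criteria count, the keyword is ignored."""
    return any(rule.matches(addr) for rule in acl)

def surprising_matches(acl, addrs):
    """Addresses a filter would deny but a profile still selects."""
    return [a for a in addrs
            if profile_selects(acl, a) and filter_decision(acl, a) == "deny"]

# Constructed sample: the author meant to carve 10.1.1.0/28 out of a /24 pool.
SAMPLE_ACL = [Rule("deny", "10.1.1.0/28"), Rule("permit", "10.1.1.0/24")]
SAMPLE_HOSTS = ["10.1.1.5", "10.1.1.50", "10.2.0.1"]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        print(host, filter_decision(SAMPLE_ACL, host), profile_selects(SAMPLE_ACL, host))
    print("review:", surprising_matches(SAMPLE_ACL, SAMPLE_HOSTS))
```

A deny rule written to exclude a sub-range therefore does not exclude it when the ACL is used as a profile; the excluded range has to be left out of the match criteria instead.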