Chapter 17: Access Control List Configuration Guide
DIGITAL GIGAswitch/Router User Reference Manual
To apply an ACL to a service, enter the following command in Configure mode:

Apply ACL to a service.    acl <name> apply service <service name> [logging [on|off]]

Using ACLs as Profiles

You can use the acl command to define a profile. A profile specifies the criteria that addresses, flows, hosts, or packets must meet to be relevant to certain GSR features. Once you have defined an ACL profile, you can use the profile with the configuration command for that feature. For example, the Network Address Translation (NAT) feature on the GSR allows you to create address pools for dynamic bindings. You use ACL profiles to represent the appropriate pools of IP addresses.

The following GSR features use ACL profiles:

GSR Feature      ACL Profile Usage
IP policy        Specifies the packets that are subject to the IP routing policy.
Dynamic NAT      Defines local address pools for dynamic bindings.
Port mirroring   Defines traffic to be mirrored.
Rate limiting    Specifies the incoming traffic flow to which rate limiting is applied.
Web caching      Specifies which HTTP traffic should always (or never) be redirected to the cache servers.
                 Specifies characteristics of Web objects that should not be cached.

Note the following about using Profile ACLs:

• Only IP ACLs can be used as Profile ACLs. ACLs for non-IP protocols cannot be used as Profile ACLs.

• The permit/deny keywords, while required in the ACL rule definition, are disregarded in the configuration commands for the above-mentioned features. In other words, the configuration commands will act upon a specified Profile ACL whether or not the Profile ACL rule contains the permit or deny keyword.

• Unlike with other kinds of ACLs, there is no implicit deny rule for Profile ACLs.
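
The following Python sketch is an added illustration, not code from the GSR software or this manual. It models the Profile ACL notes on the permit/deny keywords and the implicit deny rule, and shows a check for deny rules in an ACL intended as a profile. The rule tuples, the name pool1, and the sample addresses are constructed, and first-match ordering for a filter ACL is an assumption.

```python
import ipaddress

# Constructed sample: each rule is (keyword, source network). This is a
# simplified model, not GSR CLI syntax.
POOL_ACL = [
    ("deny", "10.1.1.0/24"),    # author meant "keep this subnet out of the pool"
    ("permit", "10.1.0.0/16"),
]


def _hit(rule, src):
    """True when the source address falls inside the rule's network."""
    return ipaddress.ip_address(src) in ipaddress.ip_network(rule[1])


def filter_verdict(rules, src):
    """ACL applied as a filter: the first matching rule decides (assumed
    first-match order), and unmatched traffic hits the implicit deny."""
    for rule in rules:
        if _hit(rule, src):
            return rule[0]
    return "deny"


def profile_selects(rules, src):
    """ACL used as a profile: the permit/deny keyword is disregarded, so any
    matching rule selects the address. With no implicit deny, an unmatched
    address is simply outside the profile."""
    return any(_hit(rule, src) for rule in rules)


def lint_profile(name, rules):
    """Report deny rules in a profile ACL; they select traffic like permit."""
    return [
        f"{name}: rule {i} 'deny {net}' is treated as a match when used as a profile"
        for i, (keyword, net) in enumerate(rules, 1)
        if keyword == "deny"
    ]


if __name__ == "__main__":
    for src in ("10.1.1.7", "10.1.2.7", "192.168.0.1"):
        print(src, filter_verdict(POOL_ACL, src), profile_selects(POOL_ACL, src))
    print(lint_profile("pool1", POOL_ACL))
```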