Using ACLs as Profiles – Riverstone Networks WICT1-12 User Manual


24-10 Riverstone Networks RS Switch Router User Guide Release 8.0

Using ACLs

Access Control List Configuration

24.3.4 Using ACLs as Profiles

You can use the acl command to define a profile. A profile specifies the criteria that addresses, flows, hosts, or packets must meet to be relevant to certain RS features. Once you have defined an ACL profile, you can use the profile with the configuration command for that feature. For example, the Network Address Translation (NAT) feature on the RS allows you to create address pools for dynamic bindings. You use ACL profiles to represent the appropriate pools of IP addresses.

The RS features listed in Table 24-1 use ACL profiles.

Note the following about using profile ACLs:

• Only IP ACLs can be used as Profile ACLs. ACLs for non-IP protocols cannot be used as Profile ACLs.

• The permit/deny keywords, while required in the ACL rule definition, are disregarded in the configuration commands for the above-mentioned features. In other words, the configuration commands will act upon a specified Profile ACL whether or not the Profile ACL rule contains the permit or deny keyword.

• Only certain ACL rule parameters are relevant for each configuration command. For example, the configuration command to create NAT address pools for dynamic bindings (the nat create dynamic command) only looks at the source IP address in the specified ACL rule. The destination IP address, ports, and TOS parameters, if specified, are ignored.

Specific usage of Profile ACLs is described in more detail in the following sections.
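The two notes above on disregarded permit/deny keywords and ignored rule parameters, as an added Python example (not from the Riverstone manual, and not RS CLI syntax): it computes which source addresses a profile ACL contributes to a dynamic NAT pool and flags rules whose keyword or extra parameters have no effect there. The AclRule record, the ACL names and the addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class AclRule:
    """Simplified, hypothetical model of one IP ACL rule (not RS CLI syntax)."""
    acl: str                      # ACL name
    action: str                   # "permit" or "deny"
    src: str                      # source prefix
    dst: Optional[str] = None     # destination prefix
    dst_port: Optional[int] = None
    tos: Optional[int] = None

# Parameters the text says the dynamic NAT command does not look at.
IGNORED_BY_DYNAMIC_NAT = ("dst", "dst_port", "tos")

def dynamic_nat_view(rules, acl_name):
    """Return (pool, warnings): action is disregarded, only rule source is used."""
    sources, warnings = [], []
    for rule in rules:
        if rule.acl != acl_name:
            continue
        net = ipaddress.ip_network(rule.src)
        sources.append(net)       # added regardless of permit/deny
        if rule.action == "deny":
            warnings.append(f"{acl_name}: 'deny' is disregarded, {net} is still in the pool")
        unused = [f for f in IGNORED_BY_DYNAMIC_NAT if getattr(rule, f) is not None]
        if unused:
            warnings.append(f"{acl_name}: {', '.join(unused)} on {net} ignored by dynamic NAT")
    return list(ipaddress.collapse_addresses(sources)), warnings

def in_pool(pool, address):
    """True if address falls inside any network of the computed pool."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in pool)

# Constructed sample rules
RULES = [
    AclRule("lcl", "permit", "10.1.1.0/24"),
    AclRule("lcl", "deny", "10.1.2.0/24", dst="192.0.2.0/24", dst_port=80),
    AclRule("mgmt", "permit", "172.16.0.0/16"),
]

if __name__ == "__main__":
    pool, warnings = dynamic_nat_view(RULES, "lcl")
    print("effective pool:", [str(n) for n in pool])
    for w in warnings:
        print("warning:", w)
```

A rule written with deny to exclude hosts from translation has the opposite effect when the ACL is referenced as a profile, which is the case the first warning catches.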

Using Profile ACLs with the IP Policy Facility

The IP policy facility uses a Profile ACL to define criteria that determine which packets should be forwarded according to an IP policy. Packets that meet the criteria defined in the Profile ACL are forwarded according to the ip-policy command that references the Profile ACL.

Table 24-1 Features that use ACL profile

RS Feature       ACL Profile Usage
---------------  -----------------
IP policy        Specifies the packets that are subject to the IP routing policy.
Dynamic NAT      Defines local address pools for dynamic bindings.
Port mirroring   Defines traffic to be mirrored.
Rate limiting    Specifies the incoming traffic flow to which rate limiting is applied.
Web caching      Specifies which HTTP traffic should always (or never) be redirected to the cache servers.
                 Specifies characteristics of Web objects that should not be cached.
