452 Nokia Network Voyager for IPSO 4.0 Reference Guide
4. To remove an ACL from an interface:
a. Select Delete for the appropriate interface in the Selected Interfaces table.
b. Click Apply.
The interface disappears from the Selected Interfaces section.
5. To make your changes permanent, click Save.
Configuring ACL Rules
An Access Control List (ACL) is a container for a set of rules, and the ACL separates traffic
into packet streams. The content and ordering of the rules are critical. As packets are passed
to an ACL, the packet headers are compared against the data in each rule in a top-down fashion.
When a match is found, the action associated with that rule is taken, and no further scanning
is done for that packet.
The following actions can be associated with a rule that is configured to perform packet filtering:
• Accept
• Drop
• Reject
The following additional actions can also be associated with a rule:
• Skip: skip this rule and proceed to the next rule
• Prioritize: give this traffic stream preferential scheduling on output
• Shape: coerce this traffic’s throughput according to the set of parameters given by an
  aggregation class
You can configure an access list to control the traffic from one or more interfaces, and each
access list can be associated with incoming or outgoing traffic from each interface. However, the
prioritize action is executed only on outgoing traffic.
Rules can be set up to match any of these properties:
• IP source address
• IP destination address
• IP protocol
• UDP/TCP source port
• UDP/TCP destination port
• TCP establishment flags: when selected, traffic matches this rule when it is part of the
  initial TCP handshake
• Type of Service (TOS) for IPv4; Traffic Class for IPv6
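The first-match, top-down evaluation described above means a broad rule placed ahead of a narrower one silently disables the narrower one. The following sketch is an added example, not code from Nokia or IPSO: it models a subset of the match properties (IPv4 only) and flags shadowed rules. The names Rule, evaluate, covers and shadowed are hypothetical, and returning (None, None) when no rule matches is an assumption, since this page does not state a default action.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:                          # hypothetical model, IPv4 only
    action: str                      # "accept", "drop", "reject" or "skip"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None      # None matches any IP protocol
    dport: Optional[int] = None      # None matches any destination port
    tcp_est: bool = False            # True: match only initial-handshake packets

    def matches(self, pkt):
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt.get("dport"))
                and (not self.tcp_est or pkt.get("handshake", False)))

def evaluate(acl, pkt):
    """Top-down scan: return (index, action) of the rule that decides pkt."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt) and rule.action != "skip":  # Skip falls through
            return i, rule.action
    return None, None                # assumption: no default action modelled

def covers(a, b):
    """True if every packet matching rule b also matches rule a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.proto in (None, b.proto) and a.dport in (None, b.dport)
            and (not a.tcp_est or b.tcp_est))

def shadowed(acl):
    """(later, earlier) index pairs where the later rule can never fire."""
    return [(j, i) for j, b in enumerate(acl) for i, a in enumerate(acl[:j])
            if a.action != "skip" and covers(a, b)]

# Constructed sample data: same two rules, two orderings.
ALLOW_NET = Rule("accept", src="10.0.0.0/8", proto="tcp")
BLOCK_TELNET = Rule("drop", src="10.1.2.0/24", proto="tcp", dport=23)
BROAD_FIRST = [ALLOW_NET, BLOCK_TELNET]
SPECIFIC_FIRST = [BLOCK_TELNET, ALLOW_NET]
PKT = {"src": "10.1.2.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 23}

if __name__ == "__main__":
    for name, acl in (("broad first", BROAD_FIRST), ("specific first", SPECIFIC_FIRST)):
        print(name, evaluate(acl, PKT), "shadowed:", shadowed(acl))
```

Running the shadow check over a rule list before applying it catches ordering mistakes that would otherwise only show up as unexpected accepted traffic.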
The following values can be used to mark traffic:
• DiffServ codepoint (DSfield)
• Queue Specifier (QueueSpec)