Specifications

OmniAccess Reference: AOS-W System Reference
62 Part 031652-00 May 2005
CLI Configuration for User Roles
Sample CLI configuration follows for two different user roles. The first is for
IT staff, who have full access to the entire network, normally use VPN access,
and have no bandwidth limitations. The second is for guest users. Guests must
reauthenticate every 30 minutes, have a 1 Mbps rate-limiting policy applied,
and have a restricted traffic policy that allows only Internet access.
user-role IT-staff
   dialer IT-staff
   pool l2tp pool3
   pool pptp pool3
   session-acl allowall
!
user-role guest
   bandwidth-contract guest-1M
   vlan 2
   reauthentication-interval 30
   session-acl Internet_Only
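The guest-role requirements described above (reauthentication every 30 minutes, a bandwidth contract, a restricted session ACL) can be checked mechanically against a saved configuration. The Python script below is an added example, not part of the AOS-W manual or of Alcatel's software; the "lobby" role, the function names, the block-ending rule in the parser, and the treatment of allowall as the only permissive ACL name are assumptions made for illustration.

```python
# Added example, not from the AOS-W manual. "lobby" is a constructed, misconfigured role.
SAMPLE_CONFIG = """\
user-role IT-staff
   dialer IT-staff
   pool l2tp pool3
   pool pptp pool3
   session-acl allowall
!
user-role guest
   bandwidth-contract guest-1M
   vlan 2
   reauthentication-interval 30
   session-acl Internet_Only
!
user-role lobby
   reauthentication-interval 120
   session-acl allowall
"""
PERMISSIVE_ACLS = {"allowall"}  # assumption: ACL names treated as unrestricted

def parse_roles(text):
    """Return {role_name: {keyword: [argument lists]}} from user-role blocks."""
    roles, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            current = None  # assumption: a blank line or "!" ends the block
        elif words[0] == "user-role" and len(words) == 2:
            current = roles.setdefault(words[1], {})
        elif current is not None:
            current.setdefault(words[0], []).append(words[1:])
    return roles

def audit_restricted_role(name, settings, max_reauth_minutes=30):
    """List the ways a role falls short of the guest controls in the text."""
    findings = []
    acls = [args[0] for args in settings.get("session-acl", []) if args]
    if not acls:
        findings.append(f"{name}: no session-acl applied")
    findings += [f"{name}: permissive session-acl {a}" for a in acls if a in PERMISSIVE_ACLS]
    if not settings.get("bandwidth-contract"):
        findings.append(f"{name}: no bandwidth-contract")
    reauth = [int(args[0]) for args in settings.get("reauthentication-interval", [])
              if args and args[0].isdigit()]
    if not reauth:
        findings.append(f"{name}: no reauthentication-interval")
    elif reauth[-1] > max_reauth_minutes:  # the last value given is the one checked
        findings.append(f"{name}: reauthentication-interval {reauth[-1]} exceeds {max_reauth_minutes}")
    return findings
```

Run the audit only against roles meant to be restricted; the IT-staff role is unrestricted by design and would be reported on every check.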
Firewall and Traffic Policies
Introduction to Firewall and Traffic Policies
A “traffic policy” is a stateful flow-classification rule. In other words, a
traffic policy identifies specific characteristics of a data packet passing
through the switch, then takes some action based on that identification. In an
Alcatel switch, the action could be a firewall-type action such as permitting
or denying the packet, an administrative action such as logging the packet, or
a quality of service (QoS) type action such as setting DiffServ or 802.1p bits
or placing the packet into a priority queue. Traffic policies can be applied to
users, giving differential treatment to different users on the same network, or
to physical ports, applying the same policy to all traffic through that port.
Traffic policies are often confused with access control lists (ACLs), but the two
have some major differences:
Traffic policies are stateful, meaning they understand flows in a network and
keep track of the state of sessions. If a policy is enabled to allow telnet
outbound from a client, a traffic policy will understand that inbound traffic
associated with that session should be allowed. ACLs have no memory of