Specifications
OmniAccess Reference: AOS-W System Reference
72 Part 031652-00 May 2005
permit icmp 1.1.1.0 0.0.0.255 any echo-reply
The example above permits TCP traffic from any host to 1.1.1.1 on ports 67
through 69. It also permits ICMP echo-replies from the 1.1.1.0/24 subnet to
any network.
MAC ACLs
A MAC ACL is used to filter on a specific source MAC address or a range of
MAC addresses. MAC ACLs can be either named or numbered, with valid
numbers in the ranges 700 to 799 and 1200 to 1299.
Sample configuration:
ip access-list mac 700
permit host 00:01:01:04:cf:b2
permit 00:03:01:00:00:00 ff:ff:ff:00:00:00
The sample above permits a specific host with MAC address
00:01:01:04:cf:b2. It also permits any MAC address with the prefix 00:03:01.
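The following is an added example, not taken from the AOS-W reference or from switch code. It evaluates the two sample rules against source MAC addresses to show how the address/mask pair selects a prefix. It assumes that the first matching rule wins, that a MAC matching no rule is denied, and that "deny" is a valid action keyword.

```python
import re

# Constructed input: the two rules from the sample MAC ACL in the text.
SAMPLE_ACL = """\
permit host 00:01:01:04:cf:b2
permit 00:03:01:00:00:00 ff:ff:ff:00:00:00
"""
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
FULL_MASK = 0xFFFFFFFFFFFF  # "host" form: all 48 bits must match


def mac_to_int(mac):
    """Convert aa:bb:cc:dd:ee:ff to a 48-bit integer; reject malformed input."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)


def parse_acl(text):
    """Parse rule lines into (action, address, mask) tuples."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        # Assumption: "deny" is accepted as an action; the text shows only "permit".
        if len(fields) != 3 or fields[0] not in ("permit", "deny"):
            raise ValueError(f"unsupported rule: {line!r}")
        action, first, second = fields
        if first == "host":
            rules.append((action, mac_to_int(second), FULL_MASK))
        else:
            rules.append((action, mac_to_int(first), mac_to_int(second)))
    return rules


def evaluate(rules, src_mac):
    """Return the action of the first rule matching src_mac, else 'deny'."""
    value = mac_to_int(src_mac)
    for action, address, mask in rules:
        # Bits set in the mask are the bits compared: ff:ff:ff:00:00:00
        # checks only the first three octets (the 00:03:01 prefix).
        if (value & mask) == (address & mask):
            return action
    return "deny"  # assumption: no match means the frame is not permitted


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for mac in ("00:01:01:04:cf:b2", "00:03:01:9a:00:10", "00:03:02:9a:00:10"):
        print(mac, evaluate(acl, mac))
```

In the MAC sample, the ff octets of the mask mark the bits that must match. This is the opposite sense from the 0.0.0.255 wildcard in the ICMP rule earlier, where the text treats 1.1.1.0 0.0.0.255 as the 1.1.1.0/24 subnet.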
Ethertype ACLs
Ethertype ACLs are used to filter based on the ethertype field in the frame
header. These ACLs could be used, for example, to permit IP while blocking
other non-IP protocols such as IPX or AppleTalk. Ethertype ACLs can be named
or numbered, with valid numbers in the range of 200 to 299.
Sample configuration:
ip access-list eth IP-only
permit 2048
The above ACL permits only IP traffic. IP is ethertype 0x800 (hex) or 2048
(decimal). The ethertype can also be entered in hex by preceding the value
with “0x”.
Authentication and Accounting Servers
All strong authentication methods (meaning that the user identity is validated)
must use some type of authentication server. In an Alcatel switch, the
authentication server may be an internal database, or may be an external
RADIUS or LDAP server. MAC address “authentication” can also make use of
an authentication server, simplifying access control when many
MAC-authenticated devices (such as VoIP handsets) are used in a network.