I used it to limit the access to an OmniSwitch to one mgmt VLAN only, like:
policy service ftp protocol 6 destination tcp port 21
policy service http protocol 6 destination tcp port 80
policy service https protocol 6 destination tcp port 443
policy service snmp protocol 17 destination udp port 161
policy service ssh protocol 6 destination tcp port 22
policy service telnet protocol 6 destination tcp port 23
policy service group switchmgmt ftp http https snmp ssh
policy service group switchmgmt telnet
policy network group mgmt-net 172.20.51.0 mask 255.255.255.0
policy condition InternalManagement source vlan 51 source network group mgmt-net destination network group Switch service group switchmgmt
policy condition Management destination network group Switch service group switchmgmt
policy action Allow
policy action Block disposition drop
policy rule AllowInternalManagement precedence 300 condition InternalManagement action Allow log
policy rule BlockManagement precedence 200 condition Management action Block log
qos apply
But you will find the solution on this board:
http://alcatelunleashed.com/viewtopic.php?f=86&t=6581