AACL Overview

The application-aware access list (AACL) service is a new service that uses application names and application groups as matching criteria for filtering traffic. AACL is a stateless, rules-based service. It must be combined with application identification so that policies can be applied to flows based on application and application group membership, in addition to traditional packet matching rules. It is currently supported only on MX Series routers equipped with Multiservices DPCs.

AACL is configured in a similar way to other rules-based services such as Network Address Translation (NAT), class of service (CoS), and stateful firewall. To configure AACL, include rule specifications for match criteria and actions at the [edit services aacl] hierarchy level. You can chain AACL rules along with other service rules by including them in a service-set definition at the [edit services service-set] hierarchy level, as previously documented.
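The following configuration sketch is an added example, not taken from the Juniper documentation. It shows an AACL rule at the [edit services aacl] level that matches on an application group alongside a traditional address match, and a service set that chains the rule. All names (example-aacl-rule, example-p2p-group, example-appid-profile, example-sset), the address prefix, and the ms-1/0/0 interface are constructed placeholders. The application group and the application identification profile are assumed to be defined elsewhere under application identification.

```junos
services {
    aacl {
        rule example-aacl-rule {                      /* hypothetical rule name */
            match-direction input-output;
            /* Term 1: drop flows identified as belonging to the group. */
            term block-group {
                from {
                    /* application-based match; group name is hypothetical */
                    application-groups example-p2p-group;
                    /* traditional packet match; documentation prefix */
                    source-address 192.0.2.0/24;
                }
                then {
                    count application;                /* per-application counters */
                    discard;
                }
            }
            /* Term 2: no from clause, so everything else is accepted. */
            term allow-rest {
                then {
                    accept;
                }
            }
        }
    }
    service-set example-sset {                        /* hypothetical service set */
        /* AACL relies on application identification to label flows. */
        application-identification-profile example-appid-profile;
        aacl-rules example-aacl-rule;
        interface-service {
            service-interface ms-1/0/0;               /* constructed interface name */
        }
    }
}
```

Because AACL is stateless and depends on application identification, the application-based discard in the first term only applies to flows that have been identified as belonging to the group. The statistics command described below shows the counters produced by the count action.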

There is one pair of related operational commands, show/clear application-aware-access-list statistics.

For more information on the CLI configuration, see the Application-Aware Access List. For more information on the operational commands, see the Junos System Basics and Services Command Reference.