Chapter 17: Access Control List Configuration Guide
264 SmartSwitch Router User Reference Manual

The following SSR features use ACL profiles:

SSR Feature      ACL Profile Usage
IP policy        Specifies the packets that are subject to the IP routing policy.
Dynamic NAT      Defines local address pools for dynamic bindings.
Port mirroring   Defines traffic to be mirrored.
Rate limiting    Specifies the incoming traffic flow to which rate limiting is applied.
Web caching      Specifies which HTTP traffic should always (or never) be redirected to the cache servers.
                 Specifies characteristics of Web objects that should not be cached.

Note the following about using Profile ACLs:

• Only IP ACLs can be used as Profile ACLs. ACLs for non-IP protocols cannot be used as Profile ACLs.
• The permit/deny keywords, while required in the ACL rule definition, are disregarded in the configuration commands for the above-mentioned features. In other words, the configuration commands will act upon a specified Profile ACL whether or not the Profile ACL rule contains the permit or deny keyword.
• Unlike with other kinds of ACLs, there is no implicit deny rule for Profile ACLs.
• Only certain ACL rule parameters are relevant for each configuration command. For example, the configuration command to create NAT address pools for dynamic bindings (the nat create dynamic command) only looks at the source IP address in the specified ACL rule. The destination IP address, ports, and TOS parameters, if specified, are ignored.

Specific usage of Profile ACLs is described in more detail in the following sections.

Using Profile ACLs with the IP Policy Facility

The IP policy facility uses a Profile ACL to define criteria that determine which packets should be forwarded according to an IP policy. Packets that meet the criteria defined in the Profile ACL are forwarded according to the ip-policy command that references the Profile ACL.

For example, you can define an IP policy that causes all telnet packets travelling from source network 9.1.1.0/24 to destination network 15.1.1.0/24 to be forwarded to destination address 10.10.10.10. You use a Profile ACL to define the selection criteria (in this case, telnet packets travelling from source network 9.1.1.0/24 to destination network