Aclman Overview; Aclman Configuration File - Alcatel-Lucent OmniSwitch 6800 Series Network Configuration Manual

Using ACL Manager

ACLMAN Overview

ACLMAN is a function of the Alcatel-Lucent QoS system that allows network administrators to config-
ure and manage ACLs using common industry syntax. ACLs configured using ACLMAN are transpar-
ently converted into Alcatel-Lucent QoS filtering policies and applied to the switch.
An ACLMAN interactive shell provides an ACL command line interface that is similar to command inter-
faces that are available on other industry platforms. This shell serves as a configuration tool for creating
ACLs using common industry syntax commands and/or importing industry syntax from text files. See
"Using the ACLMAN Shell" on page 28-7
The following industry ACL types and features are supported with this implementation of ACLMAN:
•
Standard ACL. This type of ACL compares the source address of a packet to the source address spec-
ified in the ACL.
•
Extended ACL. This type of ACL compares the source and destination address of a packet to the
source and destination address specified in the ACL. Also provides additional criteria for filtering
packets.
•
Numbered ACL. This type of ACL refers to standard or extended ACLs that are assigned a number
for identification.
•
Named ACL. This type of ACL refers to standard or extended ACLs that are assigned a name for
identification.
The following industry ACL types are currently not supported:
•
Reflexive ACLs
•
Context-Based Access Control
•
Authentication Proxy
•
Lock and Key (Dynamic ACLs)

ACLMAN Configuration File

ACLMAN maintains a running configuration and a startup configuration. The running configuration
resides in memory and is modified through the interactive shell. The startup configuration is saved in the
aclman.cfg file on the switch. ACLMAN looks for this file to obtain its initial configuration when the
switch is rebooted or the ACLMAN configure replace command is used to load a new configuration.
The ACLMAN write memory command is used to save the running configuration to the aclman.cfg file.
If the aclman.cfg file does not exist when the ACLMAN shell is initialized, ACLMAN creates the file
with the first write memory command issued to save the running configuration.
Note. Issuing a write memory command is required to preserve the ACLMAN running configuration
across switch reboots.
Editing the aclman.cfg file is possible using a text editor and also provides an additional method for load-
ing ACL statements into the ACLMAN running configuration. For more information, see
ACLMAN Configuration File" on page
OmniSwitch 6800/6850/9000 Network Configuration Guide
for more information.
28-20.
March 2008
ACLMAN Overview
"Editing the
page 28-5