Configuring Acls; Acl Configuration Methods And Guidelines - Alcatel-Lucent OmniSwitch 6800 Series Network Configuration Manual

Configuring ACLs

Configuring ACLs
This section describes using ACLMAN functionality to configure and apply common industry ACLs on an
Alcatel-Lucent switch. For more information about using the Alcatel-Lucent CLI to configure and manage
ACLs, see Chapter 24, "Configuring QoS,".
To configure a common industry ACL, the following general steps are required:
1
Create an ACL. Use Global Configuration Mode commands to create numbered or named standard
and extended ACLs. In addition, importing of ACL text files is also supported. See
Methods and Guidelines" on page 28-16
2
Apply the ACL to a switch interface. Use the interface command in the Global Configuration Mode
to associate an ACL as an incoming or outgoing filter for a specific switch interface.
3
Save the ACL configuration. Use the write memory command in the Privileged Exec Mode to save
the ACL configuration to the aclman.cfg file. See
more information.
For a quick tutorial on how to configure ACLs, see
description of ACLMAN command modes and syntax, see
page 28-8.

ACL Configuration Methods and Guidelines

When the ACLMAN shell is initiated, the Privileged Exec Mode is automatically activated. To begin the
process of configuring ACL statements using the interactive shell, enter the configure terminal command.
This command invokes the Global Configuration Mode.
In the Global Configuration Mode commands are available to define ACL statements, assign ACLs to a
number or name for identification, and associate ACLs with switch interfaces. Additional ACL parame-
ters and functions, such as adding remarks, renumbering entries, configuring a time range for an ACL, or
activating ACL logging are also configured with commands accessible through the Global Configuration
Mode.
Once an ACL is created and associated with an interface, return to the Privileged Exec Mode to save the
configuration. In this mode, show commands are also available to display ACL configuration information.
See "ACLMAN Modes and Commands" on page 28-8
In addition to directly entering ACL statements using the interactive shell, ACLMAN provides the follow-
ing methods for entering common industry ACL statements into the running configuration:
•
Editing the ACLMAN startup configuration file (aclman.cfg). See
tion File" on page 28-20
•
Importing text files containing common industry ACL syntax. See
page 28-21 for more information.
Note the following when configuring ACLs:
•
There is an implicit deny any statement at the end of each ACL. Any traffic that is not specifically
permitted by an ACL is denied access. If there are no ACLs assigned to an interface, then the default
disposition is applied, which is set using the Alcatel-Lucent CLI qos default disposition command.
•
Both incoming and outgoing ACLs are supported on the same port.
•
If a wildcard mask is not specified for an IP address used in an ACL, the mask value defaults to 0.0.0.0.
page 28-16
for more information.
"Saving the ACL Configuration" on page 28-20
"Quick Steps for Creating ACLs" on page
for more information.
OmniSwitch 6800/6850/9000 Network Configuration Guide
"ACLMAN Modes and Commands" on
for more information.
"Editing the ACLMAN Configura-
"Importing ACL Text Files" on
Using ACL Manager
"ACL Configuration
for
28-3. For a
March 2008