Alcatel-Lucent 6850-48 Network Guide
Configuring ACLs
Using ACL Manager
page 39-20
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
20 permit tcp host 11.22.3.1 any
30 permit ip any 172.10.5.0 0.0.255.255
In the above example, the deny tcp any any entry was assigned sequence number 15, which positioned the entry between statements 10 and 20.
Applying an ACL to an Interface
The interface command in the Global Configuration Mode is used to apply an ACL as an incoming or outgoing filter to one or more switch interfaces. This command identifies the interface and then invokes the Interface Configuration Mode to associate ACLs with the specified interface. For example, the following commands apply the Test2 ACL to Ethernet port 3/2 to filter incoming traffic:
Aclman(config)#interface ethernet 3/2
Aclman(config-if)#ip access-group Test2 in
Note. Note that ACLs are not applied to the switch until they are associated with a switch interface.
Saving the ACL Configuration
The ACLMAN running configuration is maintained in memory only. To save this configuration use the write memory command in the Privileged Exec Mode. When this command is invoked, ACLMAN writes the ACL statements that comprise the running configuration to the aclman.cfg file, which is located in the flash file system on the switch.
The aclman.cfg file is read by ACLMAN when the switch is rebooted or a configure replace command is
performed in the Privileged Exec Mode. See
for more information.
Note. Issuing a write memory command is required to preserve the ACLMAN running configuration
across switch reboots.
Editing the ACLMAN Configuration File
Another method for configuring ACLs involves using a text editor to edit the contents of the ACLMAN configuration file (aclman.cfg). This file is located in either the /flash/working or /flash/certified directory in the switch flash file system. The updated ACL configuration is then loaded into the running configuration on the next reboot of the switch or when the configure replace command is performed.
The configure replace command is available in the Privileged Exec Mode of the interactive shell. Using this command triggers a read of the aclman.cfg file while the shell is still active. ACLMAN then replaces the entire ACLMAN running configuration with the new configuration that was obtained by reading the entire contents of the updated aclman.cfg file.
Note that any errors encountered when the aclman.cfg file is read by ACLMAN are logged to an aclman.cfg.1.err file on the switch. If this file already exists, then the error filename number is incremented by a value of one (e.g., aclman.cfg.2.err, aclman.cfg.3.err) for each new error log file that is created.
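The sequence-number example above and the offline editing of aclman.cfg both call for the same check: before handing an edited file to configure replace (where a parse error only surfaces afterwards in an aclman.cfg.N.err file), run it through a linter that parses each statement, rejects duplicate sequence numbers, and flags entries that an earlier entry completely shadows, such as a deny tcp any any at sequence 15 sitting in front of a permit tcp host entry at 20, which that entry can then never match. The following Python script is an added example, not ACLMAN's own code or anything from the guide. It assumes a hypothetical statement syntax of "<seq> permit|deny <proto> <src> <dst> [qualifiers]" with Cisco-style address specs (any, host A.B.C.D, or A.B.C.D WILDCARD, where set wildcard bits are don't-care) and treats lines beginning with "!" as comments. The embedded access list is constructed: entry 10 is invented, and entries 15 to 30 echo the guide's statements.

```python
"""Added example (not from the Alcatel-Lucent guide): lint an ACLMAN-style
access list offline before loading it with `configure replace`.

Assumed (hypothetical) statement form:
    <seq> permit|deny <proto> <src> <dst> [qualifiers...]
where an address spec is "any", "host A.B.C.D" or "A.B.C.D WILDCARD".
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple

STATEMENT = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(\S+)\s+(.+?)\s*$")

# Constructed sample: entry 10 is invented, 15-30 mirror the guide's example.
SAMPLE_ACL = """\
! constructed sample access list
10 permit udp any any
15 deny tcp any any
20 permit tcp host 11.22.3.1 any
30 permit ip any 172.10.5.0 0.0.255.255
"""


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    rest: Tuple[str, ...]  # port/flag qualifiers this linter does not interpret


def _parse_addr(tokens: List[str], i: int, notes: list, seq: int):
    """Consume one address spec at tokens[i]; return (network, next index)."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    addr = int(ipaddress.ip_address(tok))
    wildcard = int(ipaddress.ip_address(tokens[i + 1]))
    mask = ~wildcard & 0xFFFFFFFF
    # Only contiguous wildcards (0...01...1) are supported by this toy.
    if (mask | (mask - 1)) & 0xFFFFFFFF != 0xFFFFFFFF:
        raise ValueError(f"seq {seq}: non-contiguous wildcard {tokens[i + 1]}")
    net = ipaddress.ip_network((addr & mask, bin(mask).count("1")))
    if addr & wildcard:  # address bits set where the wildcard says don't-care
        notes.append((seq, "WILDCARD_BITS",
                      f"{tok} has bits set under wildcard {tokens[i + 1]}; "
                      f"effective match is {net}"))
    return net, i + 2


def parse_acl(text: str):
    """Parse statement lines; return (entries, parse-time notes)."""
    entries, notes = [], []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        m = STATEMENT.match(line)
        if not m:
            raise ValueError(f"unparseable statement: {line!r}")
        seq, action, proto, tail = int(m[1]), m[2], m[3], m[4].split()
        src, i = _parse_addr(tail, 0, notes, seq)
        dst, i = _parse_addr(tail, i, notes, seq)
        entries.append(Entry(seq, action, proto, src, dst, tuple(tail[i:])))
    return entries, notes


def _covers(outer: Entry, inner: Entry) -> bool:
    """True if every packet matching `inner` would already match `outer`."""
    proto_ok = outer.proto == "ip" or outer.proto == inner.proto
    return (not outer.rest and proto_ok
            and inner.src.subnet_of(outer.src)
            and inner.dst.subnet_of(outer.dst))


def lint(text: str):
    """Return sorted (seq, code, message) findings for an access list."""
    entries, findings = parse_acl(text)
    seen = set()
    for e in entries:
        if e.seq in seen:
            findings.append((e.seq, "DUP_SEQ", "sequence number used twice"))
        seen.add(e.seq)
    ordered = sorted(entries, key=lambda e: e.seq)  # evaluated by sequence number
    for j, later in enumerate(ordered):
        for earlier in ordered[:j]:
            if _covers(earlier, later):
                findings.append((later.seq, "SHADOWED",
                                 f"never matched: seq {earlier.seq} ({earlier.action} "
                                 f"{earlier.proto} {earlier.src} {earlier.dst}) matches first"))
                break
    return sorted(findings)


if __name__ == "__main__":
    for seq, code, msg in lint(SAMPLE_ACL):
        print(f"seq {seq:>4}  {code:<14} {msg}")
```

On the constructed list the linter reports entry 20 as shadowed by the deny tcp any any at 15, and notes that 172.10.5.0 with wildcard 0.0.255.255 effectively matches 172.10.0.0/16. Running such a check on the edited file before configure replace catches ordering mistakes that a successful load would otherwise hide.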