Alcatel-Lucent 6850-48 Network Guide

Modifying Policy Servers
Managing Policy Servers
page 38-6
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Configuring a Secure Socket Layer for a Policy Server
A Secure Socket Layer (SSL) may be configured between the policy server and the switch. If SSL is enabled, the PolicyView application can no longer write policies to the LDAP directory server.
By default, SSL is disabled. To enable SSL, use the policy server command with the ssl option. For example:
-> policy server 10.10.2.3 ssl
SSL is now enabled between the specified server and the switch. The port number in the switch configuration will be automatically set to 636, which is the port number typically used for SSL; however, the port number should be configured with whatever port number is set on the server. For information about
configuring the port number, see 
To disable SSL, use no ssl with the command:
-> policy server 10.10.2.3 no ssl
SSL is disabled for the 10.10.2.3 policy server. No additional policies may be saved to the directory server 
from the PolicyView application.
Loading Policies From an LDAP Server
To download policies (or rules) from an LDAP server to the switch, use the 
 command. 
Before a server can download policies, it must also be set up and operational (able to bind).
To download policies from the server, enter the following:
-> policy server load
Use th
 command to display the last load time. For example:
-> show policy server long
LDAP server 0
  IP address         : 10.10.2.3,
  TCP port           : 16652,
  Enabled            : Yes,
  Operational Status : Down,
  Preference         : 99,
  Authentication     : password,
  SSL                : Disabled,
  login DN           : cn=DirMgr
  searchbase         : o=company
  Last load time     : 02/14/02 16:38:18
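The following is an added example, not part of the original guide: a small Python audit that parses captured show policy server long output and flags the conditions described in the sections above (SSL disabled, an SSL port that still has to be checked against the server, a server that is not operational). The finding names, the second server entry and the status value "Up" are assumptions made for illustration, as is reading "password" authentication as an LDAP bind that sends the password unencrypted when SSL is off.

```python
import re

# Constructed sample modelled on the `show policy server long` output above;
# server 1 and its values (including status "Up") are hypothetical.
SAMPLE = """\
LDAP server 0
IP address : 10.10.2.3,
TCP port : 16652,
Operational Status : Down,
Authentication : password,
SSL : Disabled,
Last load time : 02/14/02 16:38:18
LDAP server 1
IP address : 10.10.2.4,
TCP port : 1636,
Operational Status : Up,
Authentication : password,
SSL : Enabled,
"""

def parse_servers(text):
    """Split the output into one dict of fields per 'LDAP server N' block."""
    servers = []
    for line in text.splitlines():
        head = re.match(r"\s*LDAP server (\d+)\s*$", line)
        if head:
            servers.append({"index": int(head.group(1))})
        elif servers and ":" in line:
            # Split on the first colon only: the load time contains colons too.
            key, value = line.split(":", 1)
            servers[-1][key.strip().lower()] = value.strip().rstrip(",").strip()
    return servers

def audit(server):
    """Return findings (hypothetical labels) for one parsed server entry."""
    findings = []
    ssl_on = server.get("ssl", "").lower() == "enabled"
    port = int(server.get("tcp port", 0))
    if not ssl_on and server.get("authentication", "").lower() == "password":
        findings.append("cleartext-bind")      # password bind without SSL
    if ssl_on and port != 636:
        findings.append("verify-ssl-port")     # must match the server's SSL port
    if server.get("operational status", "").lower() != "up":
        findings.append("not-operational")     # cannot bind, so a load will fail
    return findings

if __name__ == "__main__":
    for s in parse_servers(SAMPLE):
        print(s["index"], s.get("ip address"), audit(s) or "ok")
```

A verify-ssl-port finding is not an error by itself: it marks an entry whose port differs from the automatic 636 and should be compared with the port configured on the directory server.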
Removing LDAP Policies From the Switch
To flush LDAP policies from the switch, use th
 command. Note that any policies 
configured directly on the switch through the CLI are not affected by this command.
-> policy server flush