Alcatel-Lucent 6850-48 Network Guide
Modifying Policy Servers
Managing Policy Servers
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Configuring a Secure Socket Layer for a Policy Server
A Secure Socket Layer (SSL) may be configured between the policy server and the switch. If SSL is
enabled, the PolicyView application can no longer write policies to the LDAP directory server.
By default, SSL is disabled. To enable SSL, use the policy server command with the ssl option. For example:
-> policy server 10.10.2.3 ssl
SSL is now enabled between the specified server and the switch. The port number in the switch configuration will be automatically set to 636, which is the port number typically used for SSL; however, the port number should be configured with whatever port number is set on the server. For information about configuring the port number, see
To disable SSL, use no ssl with the command:
-> policy server 10.10.2.3 no ssl
SSL is disabled for the 10.10.2.3 policy server. No additional policies may be saved to the directory server
from the PolicyView application.
Loading Policies From an LDAP Server
To download policies (or rules) from an LDAP server to the switch, use the policy server load command.
Before a server can download policies, it must also be set up and operational (able to bind).
To download policies from the server, enter the following:
-> policy server load
Use the show policy server long command to display the last load time. For example:
-> show policy server long
LDAP server 0
  IP address         : 10.10.2.3,
  TCP port           : 16652,
  Enabled            : Yes,
  Operational Status : Down,
  Preference         : 99,
  Authentication     : password,
  SSL                : Disabled,
  login DN           : cn=DirMgr
  searchbase         : o=company
  Last load time     : 02/14/02 16:38:18
Removing LDAP Policies From the Switch
To flush LDAP policies from the switch, use the policy server flush command. Note that any policies configured directly on the switch through the CLI are not affected by this command.
-> policy server flush