Alcatel-Lucent 6850-48 Network Guide
Configuring ACLs
Using ACL Manager
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Configuring ACLs
This section describes using ACLMAN functionality to configure and apply common industry ACLs on an
Alcatel-Lucent switch. For more information about using the Alcatel-Lucent CLI to configure and manage
ACLs, see Chapter 24, “Configuring QoS.”
To configure a common industry ACL, the following general steps are required:
1 Create an ACL. Use Global Configuration Mode commands to create numbered or named standard
and extended ACLs. Importing ACL text files is also supported. See
for more information.
2 Apply the ACL to a switch interface. Use the interface command in the Global Configuration Mode
to associate an ACL as an incoming or outgoing filter for a specific switch interface.
3 Save the ACL configuration. Use the write memory command in the Privileged Exec Mode to save
the ACL configuration to the aclman.cfg file. See
for more information.
For a quick tutorial on how to configure ACLs, see
. For a
description of ACLMAN command modes and syntax, see
ACL Configuration Methods and Guidelines
When the ACLMAN shell is initiated, the Privileged Exec Mode is automatically activated. To begin the
process of configuring ACL statements using the interactive shell, enter the configure terminal command.
This command invokes the Global Configuration Mode.
In the Global Configuration Mode, commands are available to define ACL statements, assign ACLs to a
number or name for identification, and associate ACLs with switch interfaces. Additional ACL parameters
and functions, such as adding remarks, renumbering entries, configuring a time range for an ACL, or
activating ACL logging, are also configured with commands accessible through the Global Configuration
Mode.
Once an ACL is created and associated with an interface, return to the Privileged Exec Mode to save the
configuration. In this mode, show commands are also available to display ACL configuration information.
See
for more information.
In addition to directly entering ACL statements using the interactive shell, ACLMAN provides the following
methods for entering common industry ACL statements into the running configuration:
• Editing the ACLMAN startup configuration file (aclman.cfg). See
for more information.
• Importing text files containing common industry ACL syntax. See
for more information.
Note the following when configuring ACLs:
• There is an implicit deny any statement at the end of each ACL. Any traffic that is not specifically
permitted by an ACL is denied access. If there are no ACLs assigned to an interface, then the default
disposition is applied, which is set using the Alcatel-Lucent CLI qos default disposition command.
• Both incoming and outgoing ACLs are supported on the same port.
• If a wildcard mask is not specified for an IP address used in an ACL, the mask value defaults to 0.0.0.0.
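The following added example (not taken from the guide or from ACLMAN itself) models the notes above: a wildcard mask that is left out defaults to 0.0.0.0, every ACL ends with an implicit deny any, and an interface with no ACL falls back to the default disposition. The simplified "permit|deny <address> [wildcard]" line format, the sample entries, and the function and parameter names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in a simplified "permit|deny <address> [wildcard]" form (assumption).
SAMPLE_ACL = """\
permit 10.1.1.0
permit 10.2.0.0 0.0.255.255
deny 10.3.3.3
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Return a list of (action, address, wildcard, mask_given) tuples."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] not in ("permit", "deny") or len(tokens) not in (2, 3):
            raise ValueError(f"unsupported line: {line!r}")
        mask_given = len(tokens) == 3
        # Omitted wildcard defaults to 0.0.0.0: every address bit must match.
        wildcard = to_int(tokens[2]) if mask_given else 0
        entries.append((tokens[0], to_int(tokens[1]), wildcard, mask_given))
    return entries

def evaluate(entries, source, no_acl_disposition):
    """Decide the fate of a packet from `source`.

    entries=None models an interface with no ACL assigned; the caller then
    supplies the switch-wide default disposition (hypothetical parameter).
    """
    if entries is None:
        return no_acl_disposition
    src = to_int(source)
    for action, address, wildcard, _ in entries:
        care = ~wildcard & 0xFFFFFFFF  # bits set in the wildcard are ignored
        if (src & care) == (address & care):
            return action  # first match wins
    return "deny"  # implicit "deny any" at the end of every ACL

def host_only_subnets(entries):
    """Flag entries with no wildcard whose address ends in .0 (likely a forgotten mask)."""
    return [str(ipaddress.IPv4Address(a)) for _, a, _, given in entries
            if not given and a & 0xFF == 0]
```

The first sample entry is the case to watch for when reviewing an ACL: written without a wildcard, 10.1.1.0 matches only that single address, so the rest of the intended subnet falls through to the implicit deny.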