Specifications
Alcatel-Lucent Page 25
OmniSwitch 6850 Series
Access Control List Manager (ACLMAN)
Access Control List Manager (ACLMAN) is a function of the Quality of Service (QoS) application
that provides an interactive shell for using common industry syntax to create ACLs. Commands
entered using the ACLMAN shell are interpreted and converted to Alcatel CLI syntax that is used for
creating QoS filtering policies.
This implementation of ACLMAN also provides the following features:
• Importing of text files that contain common industry ACL syntax
• Support for both standard and extended ACLs
• Creating ACLs on a single command line
• The ability to assign a name, instead of a number, to an ACL or a group of ACL entries
• Sequence numbers for named ACL statements
• Modifying specific ACL entries without having to enter the entire ACL each time to make a change
• The ability to add and display ACL comments
• ACL logging extensions to display Layer 2 through 4 packet information associated with an ACL
ACLMAN Overview:
ACLMAN is a function of the Alcatel QoS system that allows network administrators to configure and
manage ACLs using common industry syntax. ACLs configured using ACLMAN are transparently
converted into Alcatel QoS filtering policies and applied to the switch.
An ACLMAN interactive shell provides an ACL command line interface that is similar to command
interfaces that are available on other industry platforms. This shell serves as a configuration tool for
creating ACLs using common industry syntax commands and/or importing industry syntax from text
files.
The following industry ACL types and features are supported with this implementation of ACLMAN:
• Standard ACL. This type of ACL compares the source address of a packet to the source address
specified in the ACL.
• Extended ACL. This type of ACL compares the source and destination address of a packet to the
source and destination address specified in the ACL. It also provides additional criteria for filtering
packets.
• Numbered ACL. This type of ACL refers to standard or extended ACLs that are assigned a number
for identification.
• Named ACL. This type of ACL refers to standard or extended ACLs that are assigned a name for
identification.
The following industry ACL types are currently not supported:
• Reflexive ACLs
• Context-Based Access Control
• Authentication Proxy
• Lock and Key (Dynamic ACLs)
ACLMAN Defaults:
ACL Disposition: Deny
Logging rate time interval: 30 seconds
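The standard versus extended matching described above, together with the default Deny disposition, shown as an added example that is not taken from the Alcatel-Lucent documentation. It assumes the "common industry syntax" means IOS-style numbered ACLs (1-99 standard, 100-199 extended) with protocol and port as the additional extended criteria; the ACL lines, addresses and function names are constructed for illustration.

```python
from ipaddress import IPv4Address
# Assumed IOS-style numbering (1-99 standard, 100-199 extended); constructed sample.
SAMPLE_ACLS = """\
access-list 10 permit 10.1.0.0 0.0.255.255
access-list 110 deny tcp 10.1.5.0 0.0.0.255 host 192.0.2.10 eq 23
access-list 110 permit ip 10.1.0.0 0.0.255.255 any
"""
ANY = (0, 0xFFFFFFFF)  # (base, wildcard); set wildcard bits are "don't care"

def _num(addr):
    return int(IPv4Address(addr))

def _addr(tok):
    """Consume one address spec ('any', 'host A' or 'A WILDCARD') from tok."""
    if tok[0] == "any":
        return ANY, tok[1:]
    if tok[0] == "host":
        return (_num(tok[1]), 0), tok[2:]
    return (_num(tok[0]), _num(tok[1])), tok[2:]

def parse(text):
    acls = {}  # {acl_number: [entries in configured order]}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        num, rest = int(tok[1]), tok[3:]
        entry = {"action": tok[2], "proto": "ip", "dst": ANY, "port": None}
        if num >= 100:  # extended ACLs name the protocol first
            entry["proto"], rest = rest[0], rest[1:]
        entry["src"], rest = _addr(rest)  # a standard ACL stops at the source
        if num >= 100:  # extended ACLs add destination and optional port
            entry["dst"], rest = _addr(rest)
            if rest[:1] == ["eq"]:
                entry["port"] = int(rest[1])
        acls.setdefault(num, []).append(entry)
    return acls

def _hit(spec, ip):
    base, wild = spec
    return (_num(ip) | wild) == (base | wild)

def evaluate(acl, src, dst, proto="ip", dport=None):
    """First matching entry wins; no match falls to the default Deny disposition."""
    for e in acl:
        if (_hit(e["src"], src) and _hit(e["dst"], dst)
                and e["proto"] in ("ip", proto) and e["port"] in (None, dport)):
            return e["action"]
    return "deny"
```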
Distributed Intelligence
The AOS OmniSwitch product family has been designed to bring intelligence to an Enterprise network by implementing a host of intelligent features and
services. Carrier-class intelligence ensures that users and applications receive the priority and performance they need with ease-of-use management that extends
across the entire enterprise. The OS6850 provides the necessary hardware queues, intelligence and granularity to properly identify, mark and prioritize data
flows, ensuring that mission-critical applications run smoothly.
The following is only a highlight of the state-of-the-art intelligent features supported by the OmniSwitch 6850 Series:
VLAN Support:
o 1024 VLANs, and 4,094 VLAN tags value support 4.3.12
o Per port, 802.1Q and policy based VLAN including authentication VLAN (A-VLAN) 4.1.11
Residential bridging features: DHCP option-82, DHCP-Snooping and Port Mapping
Quality of Service
o IEEE 802.1p, ToS, DSCP marking 4.1.8, 4.1.9
o QoS mapping: 802.1p to 802.1p & ToS & DSCP, ToS to ToS & 802.1p & DSCP, DSCP to DSCP & 802.1p & ToS
o Classification per port, 802.1p(CoS) value, MAC SA/DA, TOS precedence, DSCP value, IP SA/DA, TCP/UDP port range
o 8 egress queues per port to support strict and hybrid queuing (strict + weighted round robin queuing algorithm).
o Ingress bandwidth rate limiting per port/flow in 64k increments
o Egress bandwidth rate limiting per port in 1Mbps increments
Routing Protocols
o IPv4 & IPv6, RIPv1/v2 & OSPF & OSPF-ECMP & BGP & VRRP & PIM-SMv2 & PIM-SSM & DVMRPv3 4.3.10
VLANs
In a flat-bridged network, a broadcast domain is confined to a single LAN segment or even a specific
physical location, such as a department or building floor. In a switch-based network, such as one
comprised of Alcatel-Lucent switching systems, a broadcast domain, or VLAN, can span multiple
physical switches and can include ports from a variety of media types. For example, a single VLAN
could span three different switches located in different buildings and include 10/100 Ethernet, Gigabit