User guide
September 2009
Page 26 of 79 OmniSwitch 6400/6850/6855/9000/9000E—Release 6.4.2.R01
ACL Manager
The Access Control List Manager (ACLMAN) is a function of the Quality of Service (QoS)
application that provides an interactive shell for using common industry syntax to create ACLs.
Commands entered using the ACLMAN shell are interpreted and converted to Alcatel-Lucent CLI
syntax that is used for creating QoS filtering policies.
This implementation of ACLMAN also provides the following features:
• Importing of text files that contain common industry ACL syntax.
• Support for both standard and extended ACLs.
• Creating ACLs on a single command line.
• The ability to assign a name, instead of a number, to an ACL or a group of ACL entries.
• Sequence numbers for named ACL statements.
• Modifying specific ACL entries without having to enter the entire ACL each time to make a
change.
• The ability to add and display ACL comments.
• ACL logging extensions to display Layer 2 through 4 packet information associated with an
ACL.
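As an added illustration (not code from this guide or from ACLMAN itself), the following Python parses standard and extended ACL entries written in the common industry syntax the shell accepts, converts wildcard masks to networks, and evaluates packets first-match with the implicit deny at the end; the ACL lines are constructed samples, and deciding standard versus extended purely by number (below 100) is a simplification.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed sample ACLs (not from the guide): 101 is extended, 10 is standard.
SAMPLE_EXTENDED = """access-list 101 remark allow SSH to the management host from admins
access-list 101 permit tcp 10.1.0.0 0.0.255.255 host 192.0.2.10 eq 22
access-list 101 deny tcp any host 192.0.2.10 eq 22
access-list 101 permit ip any any
"""
SAMPLE_STANDARD = "access-list 10 permit 10.1.0.0 0.0.255.255"

# One ACL entry: action is permit/deny, dport is the "eq N" port or None.
Entry = namedtuple("Entry", "action proto src dst dport")
ANY = ipaddress.IPv4Network("0.0.0.0/0")

def parse_addr(tokens):
    """Consume one address spec: 'any' | 'host A' | 'A WILDCARD'."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return ipaddress.IPv4Network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))  # 0 bits must match
    mask = str(ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF))  # invert to a netmask
    return ipaddress.IPv4Network((tok, mask), strict=False)

def parse_acl(text, number):
    """ACL `number`'s entries in order, remarks skipped; <100 = standard (source-only)."""
    entries = []
    for line in text.strip().splitlines():
        m = re.match(rf"access-list\s+{number}\s+(\S+)\s*(.*)$", line.strip())
        if not m or m.group(1) not in ("permit", "deny"):
            continue  # remarks and unsupported keywords are ignored
        action, rest = m.group(1), m.group(2).split()
        proto = rest.pop(0) if number >= 100 else "ip"
        src = parse_addr(rest)
        dst = parse_addr(rest) if number >= 100 else ANY
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        entries.append(Entry(action, proto, src, dst, dport))
    return entries

def evaluate(entries, proto, src_ip, dst_ip, dport=None):
    """First matching entry wins; every ACL ends with an implicit deny."""
    s, d = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for e in entries:
        if (e.proto in ("ip", proto) and s in e.src and d in e.dst
                and (e.dport is None or e.dport == dport)):
            return e.action
    return "deny"
```

Entry order matters: swapping the first two lines of ACL 101 would shadow the permit, which is the kind of mistake the per-entry editing and sequence numbers listed above help avoid.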
Account & Password Policies
This feature allows a switch administrator to configure password policies for password creation and
management. The administrator can configure how often a password must be changed, lockout settings
for failed attempts, password complexity, history, and age as well as other account management
settings.
ARP Defense Optimization
This feature enhances how the OmniSwitch responds to an ARP DoS attack by not adding entries to
the forwarding table until the next-hop ARP entry can be resolved.
Authenticated Switch Access
Authenticated Switch Access (ASA) is a way of authenticating users who want to manage the switch.
With authenticated access, all switch login attempts using the console or modem port, Telnet, FTP,
SNMP, or HTTP require authentication via the local user database or via a third-party server. The type
of server may be an authentication-only mechanism or an authentication, authorization, and accounting
(AAA) mechanism.
AAA servers are able to provide authorization for switch management users as well as authentication.
(They also may be used for accounting.) User login information and user privileges may be stored on
the servers. The following AAA servers are supported on the switch:
• Remote Authentication Dial-In User Service (RADIUS). Authentication using this type of
server was certified with Funk/Juniper Steel Belted RADIUS server (any industry standard
RADIUS server should work).
• Lightweight Directory Access Protocol (LDAP).
• Terminal Access Controller Access Control System (TACACS+).
Authentication-only servers are able to authenticate users for switch management access, but authorization
(the privileges the user has after authenticating) is determined by the switch. Authentication-only
servers cannot return user privileges to the switch. The authentication-only server supported by