One Touch ACL Policies

The PolicyView One Touch ACLs Screen displays all of the Network Groups that have been configured with a One Touch ACL Policy, the Accessibility configured for each policy (Accept/Drop), and the status of the policy on the LDAP Server.

The screen is used to create, edit, or delete a One Touch ACL Policy for a Network Group.

Creating a One Touch ACL Policy

Click on the Create icon. Select an existing Network Group from the ACL IP Server Group drop-down menu, select an Accessibility option for the group (Accept/Drop), and click Create. The One Touch ACL Policy will appear in the table with the Status "Unsaved". Click on the Save icon to save the Policy to the LDAP Server. The Priority selected will be applied to all Data Servers in the list. When you are finished, click on the Notify All button to apply the policy to all of the switches in the network.

Important Note: Clicking the Notify All button causes all QoS-enabled switches to flush their policy tables and reload policies from the LDAP Server, which is very expensive in terms of switch resources and time. If any One Touch ACL Policy has already been defined, the switch(es) to which the policy is assigned will also re-cache their policy tables. It is recommended that you verify all policies that you have created and apply them at the same time to minimize switch downtime.

Note: You can also click the Add icon to go to the Groups application and create a new Network Group, before returning to this screen to select it.

Applying a One Touch ACL Policy

When you click the Notify All button, the policy or policies are applied to all switches in the network. To view the status of the re-cache operation, click on the Status button, which displays the Devices Pending Notification Table. In addition, you can view the success or failure of the re-cache operation for each switch in the policy.log file of the Audit application, including an indication of any error that may have occurred. Any errors that occur will also be reported in the server.txt file in the Audit application. Note that the re-cache operation for each switch occurs in a separate thread and may take some time.

Editing a One Touch ACL Policy

Select the policy and click the Edit icon. Edit the Accessibility field (Accept/Drop) and click Update. The policy will appear in the table with the Status "Unsaved". If necessary, repeat to edit additional entries in the list. You cannot edit the ACL IP Server Group. When you are finished, click on the Save icon to save the update(s) to the LDAP Server, then click on the Notify All button to apply the policy to all of the switches in the network.

Important Note: Clicking Notify All causes all QoS-enabled switches to flush their policy tables and reload policies from the LDAP Server, which is very expensive in terms of switch resources and time. If any One Touch ACL policy has already been defined, the switch(es) to which the policy is assigned will also re-cache their policy tables. It is recommended that you verify all policies that you have edited and apply them at the same time to minimize switch downtime.

Deleting a One Touch ACL Policy

To delete one or more policies, select them in the table and click on the Delete icon, then click OK at the confirmation prompt. When you click the OK button:

Example of a One Touch ACL Policy Creation

Let's say we have selected Data Center Switches as the Network Group and Accept as the accessibility option. When saved, the following policies are created and written to the LDAP Server:

OneTouchAR$SData Center Switches
Condition specifies traffic originating from source IP Network group 'data center switches'
Action specifies accept as the disposition for this traffic

OneTouchAR$DData Center Switches
Condition specifies traffic transmitted to destination IP Network group 'data center switches'
Action specifies accept as the disposition for this traffic

Note: Names beginning with "OneTouchAR" are the names used for the One Touch ACL policies in the LDAP repository.
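
As an added illustration (not part of the product or its documentation), the naming convention in the example above can be used to check a policy listing for One Touch ACL pairs that are incomplete or whose two halves disagree. The input format (a list of name and disposition pairs), the function names, and the group names other than Data Center Switches are assumptions constructed for this example; reading $S and $D as source and destination markers is inferred from the two names shown above.

```python
from collections import defaultdict

PREFIX = "OneTouchAR"  # name prefix stated on this page
# Assumption inferred from the example: $S = source policy, $D = destination policy.
SIDES = {"$S": "source", "$D": "destination"}

def parse_name(name):
    """Split 'OneTouchAR$SData Center Switches' into (side, group), or None."""
    if not name.startswith(PREFIX):
        return None
    rest = name[len(PREFIX):]
    for marker, side in SIDES.items():
        if rest.startswith(marker) and len(rest) > len(marker):
            return side, rest[len(marker):]
    return None

def audit(policies):
    """policies: iterable of (name, disposition). Returns a sorted list of findings."""
    by_group = defaultdict(dict)
    findings = []
    for name, disposition in policies:
        parsed = parse_name(name)
        if parsed is None:
            if name.startswith(PREFIX):
                findings.append(f"{name}: unrecognised One Touch ACL name")
            continue  # other policies are out of scope for this check
        side, group = parsed
        by_group[group][side] = disposition.lower()
    for group, sides in by_group.items():
        for side in SIDES.values():
            if side not in sides:
                findings.append(f"{group}: missing {side} policy")
        if len(set(sides.values())) > 1:
            findings.append(f"{group}: source/destination dispositions differ")
    return sorted(findings)

# Constructed sample listing (hypothetical, not taken from a real repository).
SAMPLE = [
    ("OneTouchAR$SData Center Switches", "accept"),
    ("OneTouchAR$DData Center Switches", "accept"),
    ("OneTouchAR$SLab Switches", "drop"),      # destination half missing
    ("OneTouchAR$SGuest Net", "drop"),
    ("OneTouchAR$DGuest Net", "accept"),       # halves disagree
    ("SomeOtherQoSPolicy", "accept"),          # ignored: not a One Touch ACL
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```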