How to Enforce ACLs


After ACLs are assigned to interfaces or agent services in ACL Manager, they can be written to the device's active configuration using the Enforce operation. It is important to understand that using ACL Manager to manage and assign ACLs does not change the ACLs on the device until the Enforce operation is used. In ACL Manager you are managing a "view" of your ACL data that is stored in the NetSight database. You then use the Enforce operation to write that data to the device's active configuration.

ACL Manager is configured by default to delete unused ACLs from a device when ACLs are enforced. You can change this behavior by deselecting the Enforce option "Delete Unused ACLs." Refer to ACL Manager Enforce options for more information.

How ACL Names are Determined on a Device

It is important to understand how ACL Manager allocates a new name for an ACL on a device. If you create a new ACL named "new_acl" and assign it to an interface on a device, when you enforce, ACL Manager determines that ACL "new_acl" needs to be copied to the device. If the device only supports numbered ACLs, then "new_acl" would be an invalid name and ACL Manager must assign a new name for the ACL on that device. If the ACL is an extended ACL, then only ACL 100-199 can be used. So, ACL Manager considers using 100. If 100 is already in use, ACL Manager will consider 101. If 101 is excluded (via the Exclude ACL Range option) then ACL Manager will consider 102, 103, 104 and so on, until it finds a number that is not used and not excluded.
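The numbering walk described above can be reproduced to predict which number a named extended ACL will receive on a device that only supports numbered ACLs. This is an added example, not ACL Manager's own code. The exclusion spec syntax ("101,110-119") and the handling of several ACLs in one pass (each taking the next free number) are assumptions that go beyond the single-ACL case in the text.

```python
"""First-fit numbering for extended ACLs on a numbered-ACL-only device (illustrative)."""

EXTENDED_RANGE = range(100, 200)  # extended ACLs may only use 100-199


def parse_excluded(spec):
    """Expand an exclusion spec like "101,110-119" into a set of numbers.

    The spec syntax is an assumption made for this example.
    """
    excluded = set()
    for part in (p.strip() for p in spec.split(",")):
        if not part:
            continue
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if low > high:
            raise ValueError(f"bad range: {part}")
        excluded.update(range(low, high + 1))
    return excluded


def allocate_extended(in_use, excluded):
    """Return the lowest number in 100-199 that is neither used nor excluded."""
    for number in EXTENDED_RANGE:
        if number not in in_use and number not in excluded:
            return number
    # Edge case: every number is used or excluded, so nothing can be assigned.
    raise LookupError("no free extended ACL number in 100-199")


def plan_names(acl_names, in_use, excluded_spec=""):
    """Map each named ACL to the number it would get, without reusing numbers."""
    taken = set(in_use)
    excluded = parse_excluded(excluded_spec)
    plan = {}
    for name in acl_names:
        plan[name] = allocate_extended(taken, excluded)
        taken.add(plan[name])  # assumption: a number just assigned counts as used
    return plan


if __name__ == "__main__":
    # Constructed device state: 100 is in use, 101 is excluded.
    print(plan_names(["new_acl", "second_acl"], in_use={100}, excluded_spec="101"))
```

Comparing such a predicted mapping with the numbers actually present on the device after an Enforce is a quick audit that the intended ACL landed where expected.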

To enforce ACLs:

  1. In the Console left-panel tree, select the device, devices, or Device Group that you wish to enforce. Click on the ACL Manager right-panel tab.
  2. Click on the Enforce button. A last-chance message appears before the action is performed. Click Yes to enforce ACLs.

If errors are encountered during the Enforce operation, a message appears indicating an error and details are available from the Event Log. When the enforce action is successful, no messages appear. However, the successful operation is recorded in the Event Log and displayed on the Status Bar.

