Modifying Policy Servers Managing Policy Servers
page 23-6 OmniSwitch 6600 Family Network Configuration Guide April 2006
Configuring a Secure Socket Layer for a Policy Server
A Secure Socket Layer (SSL) may be configured between the policy server and the switch. If SSL is
enabled, the PolicyView application can no longer write policies to the LDAP directory server.
By default, SSL is disabled. To enable SSL, use the policy server command with the ssl option. For exam-
ple:
-> policy server 10.10.2.3 ssl
SSL is now enabled between the specified server and the switch. The port number in the switch configura-
tion will be automatically set to 636, which is the port number typically used for SSL; however, the port
number should be configured with whatever port number is set on the server. For information about
configuring the port number, see “Modifying the Port Number” on page 23-5.
To disable SSL, use no ssl with the command:
-> policy server 10.10.2.3 no ssl
SSL is disabled for the 10.10.2.3 policy server. No additional policies may be saved to the directory server
from the PolicyView application.
Loading Policies From an LDAP Server
To download policies (or rules) from an LDAP server to the switch, use the policy server load command.
Before a server can download policies, it must also be set up and operational (able to bind).
To download policies from the server, enter the following:
-> policy server load
Use the show policy server long command to display the last load time. For example:
-> show policy server long
LDAP server 0
IP address : 10.10.2.3,
TCP port : 16652,
Enabled : Yes,
Operational Status : Down,
Preference : 99,
Authentication : password,
SSL : Disabled,
login DN : cn=DirMgr
searchbase : o=company
Last load time : 02/14/02 16:38:18
Removing LDAP Policies From the Switch
To flush LDAP policies from the switch, use the policy server flush command. Note that any policies
configured directly on the switch through the CLI are not affected by this command.
-> policy server flush