Chapter 15
Configuring Access Control
If you cannot write the configuration to flash memory, you must copy the configuration to a file, make
Note
additional room available in flash memory, and then try to write the VACL and QoS ACL configuration
to flash memory.
At system startup, if the VACL and QoS ACL configuration location is set to flash memory but either
the CONFIG_FILE variable is not set or none of the files specified exist, this syslog message displays:
1999 Sep 01 17:00:00 %SYS-0-CFG_FLASH_ERR:ACL configuration set to flash but no ACL
configuration file found.
Running with the VACL and QoS ACL Configuration in Flash Memory
After you move the VACL and QoS ACL configuration to flash memory, the QoS ACLs and VACL
commit operations are no longer written to NVRAM. You have to copy the configuration to the flash file
manually as follows:
•
•
Moving the VACL and QoS ACL Configuration Back to NVRAM
This example shows how to move the VACL and QoS ACL configuration back to NVRAM:
Console> (enable) set config acl nvram
ACL configuration copied to NVRAM.
Console> (enable)
Console> (enable) clear boot auto-config
CONFIG_FILE variable =
Console> (enable)
Redundancy Synchronization Support
The set boot commands contain an option to synchronize the auto-config file automatically.
When you enable the auto-config option, if the VACL and QoS ACL configuration resides in flash
memory, the auto-config file on the active supervisor engine is automatically synchronized to the
standby supervisor engine whenever a change is made. For example, deleting the auto-config file on the
active supervisor engine causes the file to be deleted on the standby supervisor engine. Similarly, if you
insert a new standby supervisor engine, the active supervisor engine automatically synchronizes the
auto-config file.
OL-8978-04
If you use the set boot config-register auto-config append option, the configuration from the
auto-config file is appended to the NVRAM configuration. You then only have to copy the VACL
and QoS ACL configuration to this file after the commit operations.
If you do not use the set boot config-register auto-config append option, the auto-config feature
clears the configuration before executing the auto-config file at system startup. Any changes made
in NVRAM are lost. You should always copy your entire configuration (not just the VACL and QoS
ACL configuration) to the auto-config file when you want to save it.
Configuring and Storing VACLs and QoS ACLs in Flash Memory
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
15-67