
Configuration example for standard numbered ACLs, Standard named ACL configuration, Standard named ACL syntax – Brocade FastIron Ethernet Switch Security Configuration Guide


The log argument configures the device to generate Syslog entries and SNMP traps for inbound
packets that are denied by the access policy.

The in | out parameter applies the ACL to incoming or outgoing traffic on the interface to which you
apply the ACL. You can apply the ACL to an Ethernet port or a virtual interface.

NOTE
If the ACL is for a virtual routing interface, you also can specify a subset of ports within the VLAN
containing that interface when assigning an ACL to the interface.

Configuration example for standard numbered ACLs

To configure a standard ACL and apply it to incoming traffic on port 1/1, enter the following commands.

device(config)#access-list 1 deny host 10.157.22.26 log
device(config)#access-list 1 deny 10.157.29.12 log
device(config)#access-list 1 deny host IPHost1 log
device(config)#access-list 1 permit any
device(config)#int eth 1/1
device(config-if-1/1)#ip access-group 1 in
device(config)#write memory

The commands in this example configure an ACL to deny packets from three source IP addresses from
being received on port 1/1. The last ACL entry in this ACL permits all packets that are not explicitly
denied by the first three ACL entries.

Standard named ACL configuration

This section describes how to configure standard named ACLs with alphanumeric IDs. This section also
provides configuration examples.

Standard ACLs permit or deny packets based on source IP address. You can configure up to 99
standard named ACLs. There is no limit to the number of ACL entries an ACL can contain except for the
system-wide limitation. For the number of ACL entries supported on a device, refer to "ACL IDs and
entries" on page 104.

The commands for configuring named ACL entries are different from the commands for configuring
numbered ACL entries. The command to configure a numbered ACL is access-list. The command for
configuring a named ACL is ip access-list. In addition, when you configure a numbered ACL entry,
you specify all the command parameters on the same command. When you configure a named ACL,
you specify the ACL type (standard or extended) and the ACL name with one command, which places
you in the configuration level for that ACL. Once you enter the configuration level for the ACL, the
command syntax is the same as the syntax for numbered ACLs.

Standard named ACL syntax

Syntax: [no] ip access-list standard { ACL-name | ACL-num } { deny | permit } { source-ip | hostname wildcard } [ log ]

or

Syntax: [no] ip access-list standard { ACL-name | ACL-num } { deny | permit } { source-ip/mask-bits | hostname } [ log ]
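The following is an added example, not code from the Brocade guide: a small Python model of how a standard ACL built from the entry syntax above is evaluated, so the first-match order, the host/wildcard/mask-bits source forms and the implicit deny at the end of the list can be checked offline. The sample ACL text is constructed for the example; hostnames are not resolved, and the implicit deny is assumed not to log since the log keyword is per-entry.

```python
import ipaddress

# Constructed sample: standard ACL entries in the named-ACL syntax above.
# Entry 1 uses "host", entry 2 a wildcard mask, entry 3 the /mask-bits form.
SAMPLE_ACL = """
deny host 10.157.22.26 log
deny 10.157.29.0 0.0.0.255 log
deny 10.157.30.0/24
permit any
"""


def parse_entry(line):
    """Parse one standard ACL entry into (action, source network, log flag)."""
    tokens = line.split()
    action = tokens[0]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in entry: {line!r}")
    log = tokens[-1] == "log"
    src = tokens[1:-1] if log else tokens[1:]
    if src == ["any"]:
        net = ipaddress.ip_network("0.0.0.0/0")
    elif src[0] == "host":                      # host a.b.c.d -> exact /32 match
        net = ipaddress.ip_network(src[1] + "/32")
    elif len(src) == 2:                         # source-ip wildcard: 0 bits must match
        wildcard = int(ipaddress.IPv4Address(src[1]))
        netmask = ipaddress.IPv4Address(~wildcard & 0xFFFFFFFF)
        net = ipaddress.ip_network(f"{src[0]}/{netmask}", strict=False)
    else:                                       # source-ip/mask-bits, or a bare address
        net = ipaddress.ip_network(src[0] if "/" in src[0] else src[0] + "/32", strict=False)
    return action, net, log


def evaluate(acl_text, src_ip):
    """Return (action, matching entry number, logged) for a packet's source IP.

    Entries are checked top-down and the first match wins. A source matching no
    entry hits the implicit deny (entry None, assumed not logged).
    """
    addr = ipaddress.ip_address(src_ip)
    entries = [l.strip() for l in acl_text.splitlines() if l.strip()]
    for number, entry in enumerate(entries, start=1):
        action, net, log = parse_entry(entry)
        if addr in net:
            return action, number, log
    return "deny", None, False


if __name__ == "__main__":
    for ip in ("10.157.22.26", "10.157.29.77", "10.157.30.5", "192.0.2.1"):
        print(ip, evaluate(SAMPLE_ACL, ip))
```

Reordering the entries changes the result: a "permit any" placed first shadows every deny below it, which is why the permit-all entry belongs last in the device example above.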


FastIron Ethernet Switch Security Configuration Guide, page 109, 53-1003088-03