Configuration notes for acl filtering, Membership, Enabling acl filtering based on – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 130: Vlan membership or ve port membership

device(config-vlan-101)#router-interface ve 101

device(config-vlan-101)#exit

device(config)#enable ACL-per-port-per-vlan

device(config)#ip access-list extended 101

device(config-ext-nacl)#bridged-routed

device(config)#write memory

device(config)#exit

device#reload

...

device(config-vif-101)#ip access group 1 in ethernet 1 ethernet 3 ethernet 4

NOTE
The enable ACL-per-port-per-vlan command must be followed by the write-memory and reload
commands to place the change into effect.

Enabling ACL filtering based on VLAN membership or VE port
membership

NOTE
This section applies to IPv4 ACLs only. IPv6 ACLs do not support ACL filtering based on VLAN
membership or VE port membership. This feature is not applicable to outbound traffic.

You can apply an inbound IPv4 ACL to specific VLAN members on a port (Layer 2 devices only) or to
specific ports on a virtual interface (VE) (Layer 3 Devices only). By default, this feature support is
disabled. To enable it, enter the following commands at the Global CONFIG level of the CLI.

device(config)#enable ACL-per-port-per-vlan

device(config)#write memory

device(config)#exit

device#reload

NOTE
For complete configuration examples, see

Applying an IPv4 ACL to specific VLAN members on a port

(Layer 2 devices only)

on page 131 and

Applying an IPv4 ACL to a subset of ports on a virtual

interface (Layer 3 devices only)

on page 132.

NOTE
For FastIron X Series devices, you must save the configuration and reload the software to place the
change into effect.