
Deleting a comment from an ipv6 acl entry, Support for acl logging – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual


You can add a comment by entering the remark command immediately preceding an ACL entry. For
example, to enter comments preceding an ACL entry, enter commands such as the following.

device(config)#ipv6 access-list rtr

device(config-ipv6-access-list rtr)# remark This entry permits ipv6 packets from 2001:DB8::2 to any destination

device(config-ipv6-access-list rtr)# permit ipv6 host 2001:DB8::2 any

device(config-ipv6-access-list rtr)# remark This entry denies udp packets from any source to any destination

device(config-ipv6-access-list rtr)# deny udp any any

device(config-ipv6-access-list rtr)# remark This entry denies IPv6 packets from any source to any destination

device(config-ipv6-access-list rtr)# deny ipv6 any any

device(config-ipv6-access-list rtr)# write memory

Syntax: remark comment-text

The comment-text can be up to 256 characters in length.

The following shows the comment text for the ACL named "rtr" in a show running-config display.

device#show running-config

ipv6 access-list rtr

remark This entry permits ipv6 packets from 2001:DB8::2 to any destination

permit ipv6 host 2001:DB8::2 any

remark This entry denies udp packets from any source to any destination

deny udp any any

remark This entry denies IPv6 packets from any source to any destination

deny ipv6 any any

Syntax: show running-config

Deleting a comment from an IPv6 ACL entry

To delete a comment from an IPv6 ACL entry, enter commands such as the following.

device(config)#ipv6 access-list rtr

device(config-ipv6-access-list rtr)#no remark This entry permits ipv6 packets from 2001:DB8::2 to any destination

Syntax: [no] remark comment-text

For comment-text, enter the text exactly as you did when you created the comment.
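An added example, not taken from the Brocade guide: a Python audit over saved show running-config text that flags IPv6 ACL entries with no preceding remark or with a remark over the 256-character limit, and builds the no remark lines with the comment text copied verbatim. The function names and the sample config (the listing above with its last remark removed) are constructed for illustration.

```python
import re

MAX_REMARK = 256  # comment-text limit stated in the guide

# Constructed sample: the show running-config listing from this page,
# with the last remark removed so the audit has something to report.
SAMPLE = """\
ipv6 access-list rtr
 remark This entry permits ipv6 packets from 2001:DB8::2 to any destination
 permit ipv6 host 2001:DB8::2 any
 remark This entry denies udp packets from any source to any destination
 deny udp any any
 deny ipv6 any any
"""

def parse_acls(config):
    """Return {acl_name: [(remark_or_None, entry), ...]} for IPv6 ACLs."""
    acls, name, pending = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"ipv6 access-list (\S+)$", line)
        if m:
            name, pending = m.group(1), None
            acls.setdefault(name, [])
        elif name and line.startswith("remark "):
            pending = line[len("remark "):]   # applies to the next entry
        elif name and re.match(r"(permit|deny)\b", line):
            acls[name].append((pending, line))
            pending = None
        elif line:
            name = None                       # any other line ends the ACL block
    return acls

def audit(acls):
    # One finding per entry that is undocumented or has an over-long remark.
    findings = []
    for name, entries in acls.items():
        for remark, entry in entries:
            if remark is None:
                findings.append((name, entry, "no remark"))
            elif len(remark) > MAX_REMARK:
                findings.append((name, entry, "remark exceeds 256 characters"))
    return findings

def removal_commands(acls, name):
    """CLI lines deleting each remark in one ACL, text exactly as stored."""
    return [f"ipv6 access-list {name}"] + [
        f"no remark {r}" for r, _ in acls[name] if r is not None]

if __name__ == "__main__":
    print(audit(parse_acls(SAMPLE)))
```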

Support for ACL logging

Brocade devices support ACL logging of inbound packets that are sent to the CPU for processing
(denied packets). ACL logging is not supported for any packets that are processed in hardware
(permitted packets). ACL logging is not supported for outbound packets, whether denied or
permitted.

You may want the software to log entries in the Syslog for inbound packets that are denied by ACL
filters. ACL logging is disabled by default; it must be explicitly enabled on a port. Refer to the ACL
logging section.


FastIron Ethernet Switch Security Configuration Guide

53-1003088-03