beautypg.com

Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 6

background image

Applying an IPv4 ACL to a subset of ports on a virtual interface

(Layer 3 devices only)............................................................... 132

ACLs to filter ARP packets..........................................................................132

Configuration considerations for filtering ARP packets...................133
Configuring ACLs for ARP filtering..................................................133
Displaying ACL filters for ARP........................................................ 134
Clearing the filter count................................................................... 134

Filtering on IP precedence and ToS values................................................ 134

TCP flags - edge port security.........................................................135

QoS options for IP ACLs.............................................................................135

Configuration notes for QoS options on FCX and ICX devices...... 136
Using an ACL to map the DSCP value (DSCP CoS mapping)....... 136
Using an IP ACL to mark DSCP values (DSCP marking)...............137
DSCP matching...............................................................................140

ACL-based rate limiting...............................................................................140
ACL statistics.............................................................................................. 140
ACL accounting...........................................................................................141

Configuring IPv4 ACL accounting................................................... 141

ACLs to control multicast features.............................................................. 142
Enabling and viewing hardware usage statistics for an ACL...................... 142
Displaying ACL information.........................................................................143
Troubleshooting ACLs.................................................................................144
Policy-based routing (PBR).........................................................................144

Configuration considerations for policy-based routing.................... 144
Configuring a PBR policy................................................................ 145
Configuring the ACLs......................................................................145
Configuring the route map...............................................................147
Enabling PBR..................................................................................148
Configuration examples for policy based routing............................ 149
Basic example of policy based routing............................................149
Setting the next hop........................................................................ 149
Setting the output interface to the null interface..............................150
Trunk formation with PBR policy.....................................................151

IPv6 ACLs .......................................................................................................................... 153

Supported IPv6 ACL features..................................................................... 153
IPv6 ACL overview......................................................................................153

IPv6 ACL traffic filtering criteria.......................................................154
IPv6 protocol names and numbers................................................. 154

IPv6 ACL configuration notes..................................................................... 155
Configuring an IPv6 ACL.............................................................................156

Example IPv6 configurations...........................................................156
Default and implicit IPv6 ACL action...............................................157

Creating an IPv6 ACL................................................................................. 158

Syntax for creating an IPv6 ACL.....................................................159

Enabling IPv6 on an interface to which an ACL will be applied.................. 164

Syntax for enabling IPv6 on an interface........................................ 164

Applying an IPv6 ACL to an interface......................................................... 164

Syntax for applying an IPv6 ACL.................................................... 165
Applying an IPv6 ACL to a trunk group...........................................165
Applying an IPv6 ACL to a virtual interface in a protocol-based

or subnet-based VLAN.............................................................. 165

Adding a comment to an IPv6 ACL entry....................................................165
Deleting a comment from an IPv6 ACL entry..............................................166
Support for ACL logging..............................................................................166
Configuring IPv6 ACL accounting............................................................... 167
Displaying IPv6 ACLs .................................................................................168

6

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03

See also other documents in the category Brocade Computer Accessories: