
Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual


53-1003231-02

ACL configuration and management


3. Under the node, include the leaf node, and specify the name of the ACL you want to create or modify.

4. Under the node, specify a node element for each rule you want to configure.

5. Under each node, specify the following leaf elements.

a. In the element, set a sequence number for the rule.

b. In the element, specify “deny” to create a rule in the MAC ACL to drop traffic with the source or destination MAC address, “permit” to create a rule in the MAC ACL to permit traffic with the source or destination MAC address, or “hard-drop” to create a rule in the MAC ACL to force drop traffic.

c. Additional elements that define the source or destination devices or ports for which the action is applied.

For a complete list of node leaf elements, refer to the brocade-mac-access-list.yang file.

6. Issue the RPC to save the running-config file to the startup-config file.

The following example creates an extended MAC access list named test_02 with the following rules:

Rule 5 allows traffic from MAC address 0022.3333.4444 destined for MAC address 0022.3333.5555 and maintains a count of accepted packets.

Rule 1000 allows traffic from MAC address 0022.1111.2222 and maintains a count of accepted packets.

test_02

5

permit

0022.3333.4444

ffff.ffff.ffff

0022.3333.5555

ffff.ffff.ffff

1000

permit

0022.1111.2222

ffff.ffff.ffff
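
A pre-flight check for the values that steps 3 to 5 ask for, run before the rules are placed in a NETCONF request. This is an added example, not code from the Brocade guide: the dict keys are hypothetical (they are not the YANG element names), and it assumes every address is given in dotted form together with a mask, as in the test_02 example.

```python
import re

MAC_RE = re.compile(r"[0-9a-fA-F]{4}(\.[0-9a-fA-F]{4}){2}")  # xxxx.xxxx.xxxx
ACTIONS = ("permit", "deny", "hard-drop")  # the actions named in step 5b

def validate_acl(name, rules):
    """Return a list of problems in a MAC ACL definition (empty list = clean).

    Each rule is a dict with hypothetical keys seq, action, src, src_mask and,
    optionally, dst and dst_mask. These are not the YANG element names.
    """
    problems = []
    if not isinstance(name, str) or not name.strip():
        problems.append("ACL name is empty")
    seen = set()
    for idx, rule in enumerate(rules):
        seq = rule.get("seq")
        label = f"rule[{idx}] seq={seq!r}"
        if isinstance(seq, bool) or not isinstance(seq, int):
            problems.append(f"{label}: sequence number must be an integer")
        elif seq in seen:
            problems.append(f"{label}: duplicate sequence number")
        else:
            seen.add(seq)
        if rule.get("action") not in ACTIONS:
            problems.append(f"{label}: unknown action {rule.get('action')!r}")
        # Assumption: an address always travels with its mask, as in test_02.
        fields = ["src", "src_mask"]
        if "dst" in rule or "dst_mask" in rule:
            fields += ["dst", "dst_mask"]
        for field in fields:
            value = rule.get(field)
            if not isinstance(value, str) or not MAC_RE.fullmatch(value):
                problems.append(f"{label}: {field}={value!r} is not xxxx.xxxx.xxxx")
    return problems

# Constructed input: the test_02 values from this page, then a faulty variant.
GOOD = [
    {"seq": 5, "action": "permit", "src": "0022.3333.4444", "src_mask": "ffff.ffff.ffff",
     "dst": "0022.3333.5555", "dst_mask": "ffff.ffff.ffff"},
    {"seq": 1000, "action": "permit", "src": "0022.1111.2222", "src_mask": "ffff.ffff.ffff"},
]
BAD = [
    {"seq": 5, "action": "allow", "src": "0022.3333.4444", "src_mask": "ffff.ffff.ffff",
     "dst": "0022.333.555", "dst_mask": "ffff.ffff.ffff"},
    {"seq": 5, "action": "deny", "src": "0022.1111.2222", "src_mask": "ffff.ffff.ffff"},
]
if __name__ == "__main__":
    for problem in validate_acl("test_02", BAD):
        print(problem)
```

The faulty variant is reported for an unknown action, a short destination address, and a reused sequence number; the page's own values pass cleanly.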