beautypg.com

Configuring security profiles, Deleting a port-profile-port – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

Page 334

background image

• Without PFC.

switch(config-qos-profile)# qos flowcontrol tx on rx on

• With PFC for each CoS.

switch(config-qos-profile)# qos flowcontrol pfc 1 tx on rx on

switch(config-qos-profile)# qos flowcontrol pfc 2 tx on rx on

8. Exit QoS profile mode.

switch(config-qos-profile)# exit

9. Activate the profile.

switch(config)# port-profile vm1-port-profile activate

10.Associate the profile to the MAC address for each host.

switch(config)# port-profile vm1-port-profile static 0050.56bf.0001

switch(config)# port-profile vm1-port-profile static 0050.56bf.0002

switch(config)# port-profile vm1-port-profile static 0050.56bf.0003

switch(config)# port-profile vm1-port-profile static 0050.56bf.0004

switch(config)# port-profile vm1-port-profile static 0050.56bf.0005

Configuring security profiles

A security profile defines all the security rules needed for the server port. A typical security profile
contains attributes for MAC-based standard and extended ACLs. Security profiles are applied to the
ACLs based on the profile or PolicyID. Therefore, multiple security profiles can be applied to the same
profiled port.

To configure the security profile, perform the following steps in global configuration mode.

1. AMPP profiles cannot be modified while active. Deactivate the port-profile before modifying the

security profile.

switch(config)# no port-profile vm1-port-profile activate

2. Enter security profile configuration mode.

switch(config)# port-profile vm1-port-profile

switch(config-pp)# security-profile

switch(config-pp-security)#

3. Modify the ACL security attributes. Refer to

Configuring ACLs

on page 461 for details.

4. Apply the ACL to the security profile.

switch(config-pp-security)# mac access-group vm1-acl in

5. Exit security profile configuration mode.

switch(config-pp-security)# exit

6. Activate the profile.

switch(config)# port-profile vm1-port-profile activate

7. Associate the profile to the MAC address for each host.

switch(config)# port-profile vm1-port-profile static 0050.56bf.0001

switch(config)# port-profile vm1-port-profile static 0050.56bf.0002

switch(config)# port-profile vm1-port-profile static 0050.56bf.0003

switch(config)# port-profile vm1-port-profile static 0050.56bf.0004

switch(config)# port-profile vm1-port-profile static 0050.56bf.0005

8. Activate the interface configuration mode for the interface you wish to modify.

The following example activates the mode for the 10-gigabit Ethernet interface in slot 0/port 0.

switch(config)# interface tengigabitethernet 1/0/1

9. Configure port-profile-port on the physical interface.

switch(conf-int-te-1/0/1)# port-profile-port

Deleting a port-profile-port

To delete a port-profile-port, perform the following steps in global configuration mode.

1. Activate the interface configuration mode for the interface you wish to modify.

Configuring security profiles

334

Network OS Administrator’s Guide

53-1003225-04