
Brocade Network OS Administrator’s Guide v4.1.1 User Manual

Page 463


IP ACL parameters

TABLE 75    IP ACL parameters

Columns: ACL / Rule type | IP ACL parameter | IP ACL parameter definition

Standard IP ACL

  name          The name of the standard IP ACL. The name must begin with a-z, A-Z, or
                0-9. Underscores and hyphens are also accepted, except as the first
                character. The ACL name must be unique among all ACL types (L2/L3) and
                cannot contain more than 63 characters.

Standard IP ACL rule

  seq           The sequence number of the rule. The number must be from 0 through
                4294967290. A rule without a sequence number is allocated one. The
                allocated sequence number can be changed by the user with the
                resequence command.

  permit/deny   Specifies whether to permit or deny traffic that matches the
                combination specified in the rule.

  any/host      The source address: any, or the IP address of the host from which
                ingress traffic is filtered. A standard IP ACL matches on the source
                address only.

Extended IP ACL

  name          The name of the extended IP Access Control List. The name must begin
                with a-z, A-Z, or 0-9. Underscores and hyphens are also accepted, except
                as the first character. The ACL name must be unique among all ACL types
                (L2/L3) and cannot contain more than 63 characters.

Extended IP ACL rule

  seq           The sequence number of the rule. The number must be from 0 through
                65535. A rule without a sequence number is allocated one. The allocated
                sequence number can be changed by the user with the resequence command.

  permit/deny   Specifies whether to permit or deny traffic that matches the
                combination specified in the rule.

  protocol      Indicates the type of IP packet to be filtered (for example, ip, tcp,
                or udp).

  any/host      The source address: any, or the IP address of the host from which
                inbound traffic is filtered.

  any           The destination address. Because egress and outbound traffic is blocked
                rather than filtered, the destination address is always "any" (which
                also covers the virtual IP address of a host).

  port-number   Indicates the source or destination port to which the filter applies.
                This is applicable to both UDP and TCP. The number is from 0 through
                65535.

  range         If more than one port must be filtered by the ACL rule, use the range
                parameter to specify the starting port and the end port.

  eq            If only one port must be filtered by the ACL rule, use the eq
                parameter.

  dscp value    Compares the specified value against the DSCP value of the received
                packet. The range of valid values is from 0 through 63.

  ack, fin, rst,
  sync, urg, psh
                Any combination of the TCP flags may be specified (sync is the TCP SYN
                flag). These keywords apply only to rules whose protocol is tcp.

  log           Packets matching the filter are sent to the CPU and a corresponding log
                entry is generated. The optional log keyword enables the logging
                mechanism; it is available only with permit and deny. Because every
                logged packet is punted to the CPU, use log sparingly on rules that
                match high-volume traffic.
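The limits in Table 75 are easy to get wrong by hand (an extended rule with a sequence number above 65535, a DSCP of 64, TCP flags on a udp rule), and the device will only reject them at commit time. The following linter is an added example and is not Brocade code; it enforces the table's constraints on rule lines before they are pushed to a switch and shows the effect of a resequence. The exact keyword order it tokenizes ("[seq N] permit|deny protocol src [eq|range] dst [eq|range] [dscp N] [flags] [log]") and the sample rules are assumptions constructed for the example, not taken from the page.

```python
import re
from typing import Dict, List

# Limits taken from Table 75 (IP ACL parameters)
ACL_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,62}$")  # alnum first, _ and - after, max 63
SEQ_MAX = {"standard": 4294967290, "extended": 65535}
PORT_MAX = 65535
DSCP_MAX = 63
TCP_FLAGS = {"ack", "fin", "rst", "sync", "urg", "psh"}  # "sync" is the keyword for SYN
IPV4_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def valid_acl_name(name: str) -> bool:
    return bool(ACL_NAME_RE.match(name))


def valid_ipv4(addr: str) -> bool:
    m = IPV4_RE.match(addr)
    return bool(m) and all(int(o) <= 255 for o in m.groups())


def parse_rule(line: str) -> Dict:
    """Tokenize one rule line. Assumed keyword order (an assumption, not from the page):
    [seq N] permit|deny [protocol] src [eq N|range A B] [dst [eq N|range A B]] [dscp N] [flags] [log]
    where src/dst is 'any' or 'host A.B.C.D'."""
    tok = line.split()
    rule: Dict = {"seq": None, "action": None, "protocol": None,
                  "endpoints": [], "dscp": None, "flags": [], "log": False}
    i = 0
    if i < len(tok) and tok[i] == "seq":
        rule["seq"] = int(tok[i + 1]); i += 2
    if i < len(tok) and tok[i] in ("permit", "deny"):
        rule["action"] = tok[i]; i += 1
    if i < len(tok) and tok[i] not in ("any", "host"):
        rule["protocol"] = tok[i]; i += 1          # e.g. ip, tcp, udp
    while i < len(tok):
        t = tok[i]
        if t == "any":
            rule["endpoints"].append({"addr": "any", "port": None}); i += 1
        elif t == "host":
            rule["endpoints"].append({"addr": tok[i + 1], "port": None}); i += 2
        elif t in ("eq", "range"):
            if not rule["endpoints"]:
                raise ValueError(f"port operator before any address in rule: {line}")
            lo = int(tok[i + 1])
            hi = int(tok[i + 2]) if t == "range" else lo
            rule["endpoints"][-1]["port"] = (lo, hi); i += 3 if t == "range" else 2
        elif t == "dscp":
            rule["dscp"] = int(tok[i + 1]); i += 2
        elif t in TCP_FLAGS:
            rule["flags"].append(t); i += 1
        elif t == "log":
            rule["log"] = True; i += 1
        else:
            raise ValueError(f"unknown token {t!r} in rule: {line}")
    return rule


def validate_rule(kind: str, rule: Dict) -> List[str]:
    """Return the Table 75 violations for a 'standard' or 'extended' IP ACL rule (empty if clean)."""
    problems: List[str] = []
    if rule["seq"] is not None and not 0 <= rule["seq"] <= SEQ_MAX[kind]:
        problems.append(f"seq {rule['seq']} outside 0-{SEQ_MAX[kind]} for {kind} ACL")
    if rule["action"] not in ("permit", "deny"):
        problems.append("rule must start with permit or deny")
    eps = rule["endpoints"]
    if kind == "standard":
        if rule["protocol"] is not None:
            problems.append("standard IP ACL rules take no protocol")
        if len(eps) != 1:
            problems.append("standard IP ACL rule needs exactly one source (any or host)")
    else:
        if rule["protocol"] is None:
            problems.append("extended IP ACL rule needs a protocol")
        if len(eps) != 2:
            problems.append("extended IP ACL rule needs a source and a destination")
        elif eps[1]["addr"] != "any":
            problems.append("destination address must be 'any' (Table 75)")
    for ep in eps:
        if ep["addr"] != "any" and not valid_ipv4(ep["addr"]):
            problems.append(f"bad host address {ep['addr']}")
        if ep["port"] is not None:
            lo, hi = ep["port"]
            if not 0 <= lo <= hi <= PORT_MAX:
                problems.append(f"port spec {lo}-{hi} outside 0-{PORT_MAX} or reversed")
            if rule["protocol"] not in ("tcp", "udp"):
                problems.append("eq/range apply only to tcp and udp")
    if rule["dscp"] is not None and not 0 <= rule["dscp"] <= DSCP_MAX:
        problems.append(f"dscp {rule['dscp']} outside 0-{DSCP_MAX}")
    if rule["flags"] and rule["protocol"] != "tcp":
        problems.append("TCP flags given on a non-tcp rule")
    return problems


def lint_acl(kind: str, name: str, lines: List[str]) -> List[str]:
    """Lint a whole ACL: name check plus per-rule checks, one finding string per violation."""
    findings = [] if valid_acl_name(name) else [f"bad ACL name {name!r}"]
    for line in lines:
        findings += [f"{line}: {p}" for p in validate_rule(kind, parse_rule(line))]
    return findings


def resequence(rules: List[Dict], start: int = 10, step: int = 10) -> List[Dict]:
    """Renumber rules in their current order (unnumbered rules last), like the resequence command."""
    ordered = sorted(rules, key=lambda r: r["seq"] if r["seq"] is not None else float("inf"))
    for n, r in enumerate(ordered):
        r["seq"] = start + n * step
    return ordered


# Constructed sample ACL (not from the page); two of the five rules violate Table 75.
SAMPLE_EXTENDED = [
    "seq 10 permit tcp host 10.1.1.5 any eq 443 sync ack",
    "seq 20 deny tcp any any range 1 1023 log",
    "seq 30 permit udp any any dscp 46",
    "permit ip any host 10.1.1.9",       # destination is not 'any'
    "seq 70000 deny ip any any log",     # seq above 65535 for an extended ACL
]

if __name__ == "__main__":
    for finding in lint_acl("extended", "web_in", SAMPLE_EXTENDED):
        print(finding)
```

Run the linter in a pre-commit hook for the repository that holds the switch configuration; the same seq check with the larger limit applies to standard ACLs by passing kind="standard".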

Configuring ACLs


53-1003225-04