Default acls, Configuring and managing acls – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

TABLE 75   IP ACL parameters (Continued)

ACL / Rule type   IP ACL parameter   IP ACL parameter definition
                  hard drop          Overrides the trap behavior for control frames and data frames such as echo request (ping).
Default ACLs
When no ACL policy is enforced on the switch, the following default ACL rules are in effect in Network OS:
• seq 0 permit tcp any any eq 22
• seq 1 permit tcp any any eq 23
• seq 2 permit tcp any any eq 897
• seq 3 permit tcp any any eq 898
• seq 4 permit tcp any any eq 111
• seq 5 permit tcp any any eq 80
• seq 6 permit tcp any any eq 443
• seq 7 permit udp any any eq 161
• seq 8 permit udp any any eq 111
• seq 9 permit tcp any any eq 123
• seq 10 permit tcp any any range 600 65535
• seq 11 permit udp any any range 600 65535
Configuring and managing ACLs
The following sections discuss working with the Access Control Lists (ACLs) on Brocade devices.
Understanding ACL configuration guidelines and restrictions
Follow these Access Control List (ACL) configuration guidelines and restrictions when configuring ACLs:
• The order of the rules in an ACL is critical. The first rule that matches the traffic stops further processing of the frames.
• Standard ACLs and extended ACLs cannot have the same name.
• Applying a permit or deny UDP ACL to the management interface enacts an implicit deny for TCP; however, ping will succeed.
• Applying a permit or deny ACL for a specific UDP port enacts an implicit deny for all other UDP ports.
• Applying a permit or deny ACL for a specific TCP port enacts an implicit deny for all other TCP ports.
• There is a default "permit" rule added at the end of the rules list of a Layer 2 (L2) ACL. This implicit rule permits all L2 streams that do not match any of the configured rules in the sequence list associated with the ACL.
• The default action of "permit any" is inserted at the end of a bounded L2 ACL. This default rule is not exposed to the user.
• There is a default "deny" rule added at the end of the rule list of a Layer 3 (L3) ACL.
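To make the first-match and implicit-rule behaviour concrete, the following Python evaluator is added here as an illustration; it is not Brocade code and does not talk to a switch. It loads the default ACL list from this page verbatim and then shows how rule order, the hidden trailing deny of an L3 ACL and the hidden trailing permit of an L2 ACL decide the result. Assumptions: the port in a rule is the destination port, only the "any any" source/destination form is parsed, and the DENY_SSH_FIRST, PERMIT_ALL_FIRST and SNMP_ONLY ACLs are constructed for the demonstration.

```python
"""Minimal first-match ACL evaluator (added example; not Brocade code).

It models three rules from the guidelines above: rules are tried in sequence
order and the first match ends processing; an L3 (IP) ACL ends in an implicit
deny; an L2 ACL ends in an implicit "permit any".  The rule syntax handled is
the one used in the default ACL list on this page
("seq <n> permit|deny <proto> any any [eq <port> | range <lo> <hi>]"); the
port is assumed to be the destination port.  Nothing here talks to a switch.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    seq: int
    action: str             # "permit" or "deny"
    proto: str              # "tcp", "udp" or "ip" ("ip" matches any protocol)
    port_lo: Optional[int]  # None = any destination port
    port_hi: Optional[int]


def parse_rule(text: str) -> Rule:
    """Parse one rule line, e.g. 'seq 10 permit tcp any any range 600 65535'."""
    tok = text.split()
    if len(tok) < 6 or tok[0] != "seq" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {text!r}")
    seq, action, proto = int(tok[1]), tok[2], tok[3]
    rest = tok[6:]          # tok[4:6] is the 'any any' source/destination pair
    if not rest:
        return Rule(seq, action, proto, None, None)
    if rest[0] == "eq":
        port = int(rest[1])
        return Rule(seq, action, proto, port, port)
    if rest[0] == "range":
        return Rule(seq, action, proto, int(rest[1]), int(rest[2]))
    raise ValueError(f"unsupported port operator in {text!r}")


def parse_acl(lines: List[str]) -> List[Rule]:
    return [parse_rule(line) for line in lines]


def matches(rule: Rule, proto: str, dport: int) -> bool:
    if rule.proto != "ip" and rule.proto != proto:
        return False
    if rule.port_lo is None:
        return True
    return rule.port_lo <= dport <= rule.port_hi


def evaluate(rules: List[Rule], proto: str, dport: int,
             layer: int = 3) -> Tuple[str, Optional[int]]:
    """Return (action, seq of the matching rule).

    Rules are walked in ascending seq order and the first match wins, so a
    later, more specific rule never overrides an earlier broad one.  When no
    configured rule matches, the hidden trailing rule applies: deny for an L3
    ACL, permit for an L2 ACL; seq is None in that case.
    """
    for rule in sorted(rules, key=lambda r: r.seq):
        if matches(rule, proto, dport):
            return rule.action, rule.seq
    return ("deny" if layer == 3 else "permit"), None


# The Network OS default ACL rules exactly as listed on this page.
DEFAULT_ACL = parse_acl([
    "seq 0 permit tcp any any eq 22",
    "seq 1 permit tcp any any eq 23",
    "seq 2 permit tcp any any eq 897",
    "seq 3 permit tcp any any eq 898",
    "seq 4 permit tcp any any eq 111",
    "seq 5 permit tcp any any eq 80",
    "seq 6 permit tcp any any eq 443",
    "seq 7 permit udp any any eq 161",
    "seq 8 permit udp any any eq 111",
    "seq 9 permit tcp any any eq 123",
    "seq 10 permit tcp any any range 600 65535",
    "seq 11 permit udp any any range 600 65535",
])

# Constructed ACLs (not from the page) showing that rule order decides the
# outcome: the same two rules in opposite order give opposite results for TCP/22.
DENY_SSH_FIRST = parse_acl([
    "seq 0 deny tcp any any eq 22",
    "seq 1 permit tcp any any",
])
PERMIT_ALL_FIRST = parse_acl([
    "seq 0 permit tcp any any",
    "seq 1 deny tcp any any eq 22",   # never reached: seq 0 already matched
])

# Constructed single-port ACL: permitting only UDP/161 leaves every other UDP
# port to the implicit deny at the end of the L3 ACL.
SNMP_ONLY = parse_acl(["seq 0 permit udp any any eq 161"])


if __name__ == "__main__":
    for proto, port in [("tcp", 22), ("tcp", 25), ("udp", 161), ("udp", 53), ("tcp", 8080)]:
        print(f"default ACL {proto}/{port}:", evaluate(DEFAULT_ACL, proto, port))
    print("deny-first  tcp/22:", evaluate(DENY_SSH_FIRST, "tcp", 22))
    print("permit-first tcp/22:", evaluate(PERMIT_ALL_FIRST, "tcp", 22))
    print("snmp-only   udp/53:", evaluate(SNMP_ONLY, "udp", 53))
    print("empty L2 ACL tcp/80:", evaluate([], "tcp", 80, layer=2))
```

Running the block shows TCP/25 and UDP/53 falling through the default list to the implicit L3 deny while TCP/8080 is accepted by the seq 10 range rule, and that an empty L2 ACL still permits because its hidden trailing rule is "permit any" rather than deny.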
Default ACLs
464
Network OS Administrator’s Guide
53-1003225-04