beautypg.com

Default acls, Configuring and managing acls – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

Page 464

background image

IP ACL parameters (Continued)

TABLE 75

ACL / Rule type

IP ACL
parameter

IP ACL parameter definition

hard drop

Overrides the trap behavior for control frames and data frames such as
echo request (ping).

Default ACLs

When none of the policies is enforced on the switch, these default ACL rules are effective in Network
OS:

• seq 0 permit tcp any any eq 22
• seq 1 permit tcp any any eq 23
• seq 2 permit tcp any any eq 897
• seq 3 permit tcp any any eq 898
• seq 4 permit tcp any any eq 111
• seq 5 permit tcp any any eq 80
• seq 6 permit tcp any any eq 443
• seq 7 permit udp any any eq 161
• seq 8 permit udp any any eq 111
• seq 9 permit tcp any any eq 123
• seq 10 permit tcp any any range 600 65535
• seq 11 permit udp any any range 600 65535

Configuring and managing ACLs

The following sections discuss working with the Access Control Lists (ACLs) on Brocade devices.

Understanding ACL configuration guidelines and restrictions

Follow these Access Control List (ACL) configuration guidelines and restrictions when configuring
ACLs:

• The order of the rules in an ACL is critical. The first rule that matches the traffic stops further

processing of the frames.

• Standard ACLs and extended ACLs cannot have the same name.
• Applying a permit or deny UDP ACL to the management interface enacts an implicit deny for TCP;

however, ping will succeed.

• Applying a permit or deny ACL for a specific UDP port enacts an implicit deny for all other UDP

ports.

• Applying a permit or deny ACL for a specific TCP port enacts an implicit deny for all other TCP

ports.

• There is a default "permit" rule added at the end of the rules list of a Layer 2 (L2) ACL. This implicit

rule permits all L2 streams that do not match any of the configured rules in the sequence list
associated with the ACL.

• The default action of "permit any" is inserted at the end of a bounded L2 ACL. This default rule is

not exposed to the user.

• There is a default "deny" rule added at the end of the rule list of a Layer 3 (L3) ACL.

Default ACLs

464

Network OS Administrator’s Guide

53-1003225-04

See also other documents in the category Brocade Computer Accessories: