Applying a MAC ACL to a VLAN interface, Modifying MAC ACL rules – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

NOTE
The DCB interface must be configured as a Layer 2 switch port before an ACL can be applied as an
access-group to the interface.

To apply a MAC ACL to a DCB interface, perform the following steps from privileged EXEC mode.

1. Enter the configure terminal command to access global configuration mode.
2. Enter the interface command to specify the DCB interface type and slot/port number.

The gigabitethernet rbridge-id/slot/port operand is used only for the Brocade VDX 6710, VDX 6740-series, and VDX 8770-series platforms. The prompt for these ports is in the following example format:

switch(config-if-gi-22/0/1)#

switch(config)# interface tengigabitethernet 0/1

3. Enter the switchport command to configure the interface as a Layer 2 switch port.
4. Enter the mac access-group command to specify the MAC ACL that is to be applied to the Layer 2 DCB interface in the ingress direction.

switch(conf-if-te-0/1)# mac access-group test_02 in

Applying a MAC ACL to a VLAN interface

Ensure that the ACL that you want to apply exists and is configured to filter traffic in the manner that you
need for this VLAN interface. An ACL does not take effect until it is expressly applied to an interface
using the access-group command. Frames can be filtered as they enter an interface (ingress
direction).

To apply a MAC ACL to a VLAN interface, perform the following steps from privileged EXEC mode.

1. Enter the configure terminal command to access global configuration mode.
2. Enter the interface command to apply the MAC ACL to the VLAN interface.

switch(config)# interface vlan 50

3. Enter the mac access-group command to specify the MAC ACL that is to be applied to the VLAN interface in the ingress direction.

switch(config-Vlan-50)# mac access-group test_02 in
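The following audit is an added example, not part of the Brocade guide. It checks a saved configuration against the two procedures above: every mac access-group binding should name an ACL that exists, a DCB interface should carry switchport before the binding, and a defined ACL that is never bound filters nothing. The running-config layout ("mac access-list <type> <name>" definition lines, "!" separators, indented sub-commands), the ACL names test_03 and test_04, and the function name are assumptions made for illustration.

```python
import re

# Constructed sample; the "mac access-list" line and "!" separators are assumed layout.
SAMPLE_CONFIG = """\
mac access-list extended test_02
 seq 100 deny any any
!
mac access-list extended test_03
 seq 10 deny any any
!
interface TenGigabitEthernet 0/1
 switchport
 mac access-group test_02 in
!
interface TenGigabitEthernet 0/2
 mac access-group test_02 in
!
interface Vlan 50
 mac access-group test_04 in
"""

def audit_mac_acls(config_text):
    """Return sorted (issue, subject) findings for MAC ACL bindings."""
    defined, bindings = set(), []   # bindings: (interface, acl, was_layer2)
    iface, is_l2 = None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():    # a top-level line starts a new block
            iface, is_l2 = None, False
            acl = re.match(r"mac access-list \S+ (\S+)$", line, re.I)
            port = re.match(r"interface (\S+) (\S+)$", line, re.I)
            if acl:
                defined.add(acl.group(1))
            if port:
                iface = port.group(1).lower() + " " + port.group(2)
                # The VLAN procedure has no switchport step.
                is_l2 = port.group(1).lower() == "vlan"
        elif iface and line.lower() == "switchport":
            is_l2 = True
        elif iface:
            grp = re.match(r"mac access-group (\S+) in$", line, re.I)
            if grp:
                bindings.append((iface, grp.group(1), is_l2))
    bound = {name for _, name, _ in bindings}
    findings = [("undefined-acl", f"{i} -> {a}") for i, a, _ in bindings if a not in defined]
    findings += [("acl-without-prior-switchport", i) for i, _, l2 in bindings if not l2]
    findings += [("acl-never-applied", name) for name in defined - bound]
    return sorted(findings)
```

On the constructed sample the audit reports one finding of each kind: test_03 is never applied, tengigabitethernet 0/2 lacks switchport, and vlan 50 references the undefined test_04.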

Modifying MAC ACL rules

You cannot modify the existing rules of a MAC ACL. However, you can remove the rule and then
recreate it with the desired changes.

If you need to add more rules between existing rules than the current sequence numbering allows, you
can use the resequence command to reassign sequence numbers. For detailed information, refer to "Reordering the sequence numbers in a MAC ACL" on page 468.

Use a sequence number to specify the rule you wish to modify. Without a sequence number, a new rule
is added to the end of the list, and existing rules are unchanged.

NOTE
Using the permit and deny keywords, you can create many different rules. The examples in this section
provide the basic knowledge needed to modify MAC ACLs. This example assumes that "test_02"
contains an existing rule number 100 with the "deny any any" options.

To modify a MAC ACL, perform the following steps from privileged EXEC mode.

Network OS Administrator’s Guide, 53-1003225-04