Brocade Network OS Command Reference v4.1.0 User Manual

Network OS Command Reference

647

53-1003115-01

seq (extended IP ACLs)

2

Description

Use this command to insert a rule anywhere in the IP ACL; it configures rules to match and
permits or drops traffic based on the source and destination IP addresses, and the protocol type.
You can also enable counters for a specific rule. There are 255 ACL counters supported per port
group.

Usage Guidelines

The first set of [any | host Source_IP_ADDRESS | Source_IP_ADDRESS] parameters is specific to
the source IP address. The second set of [any | host Destination_IP_ADDRESS |
Destination_IP_ADDRESS] parameters is specific to the destination IP address.

Enter no seq value to remove a rule from the IP ACL.

If an ACL is set up to deny a specific host or range (such as “seq 2 deny host 10.9.106.120”), the
VDX still responds to ping unless the hard-drop operand is added (such as “seq 20 hard-drop icmp
any any”).

CAUTION

The use of ‘hard-drop” can prevent the trapping of control frames. As a result, it could interfere
with normal operations of the protocols.

If no sequence value is specified, the rule is added to the end of the list.

IP ACL logging of hits is not supported on the VDX 6720 switch.

Examples

None

See Also

seq (standard IP ACLs)