
seq (standard IP ACLs) – Brocade Network OS Command Reference v4.1.0 User Manual


Network OS Command Reference

53-1003115-01

seq (standard IP ACLs)


Inserts a rule anywhere in the IP ACL.

Synopsis

seq value {deny | permit | hard-drop} [any | A:B:C:D:E:F:H:I/prefix_len | host SIP_address | SIP_address mask] [count] [log]

no seq value {deny | permit | hard-drop} [any | A:B:C:D:E:F:H:I/prefix_len | host SIP_address | SIP_address mask] [count] [log]

Operands

value

Specifies the sequence number for the rule. Valid values range from 0
through 4294967295.

permit

Specifies rules to permit traffic.

deny

Specifies rules to deny traffic.

hard-drop

Drops the packet absolutely and can override the control packet trap
entries, but does not override the permit entry that occurs before this rule
in the ACL.

any

Specifies any source MAC or IP address.

host SIP_address

Specifies the source host IP address for which to set permit or deny
conditions.

SIP_mask

Specifies the destination host IP address for which to set permit or deny
conditions. The address can also be entered as an IP address, or an
IP address with a mask. The mask value can be entered in Classless
Interdomain Routing (CIDR) format, or in wildcard mask format.
For example, the following two entries yield the same results. The CIDR
equivalent of “209.157.22.26 0.0.0.255” is “209.157.22.26/24”.
In wildcard format, you can mask for any bit. For example, 0.255.0.255 is
valid.

count

Enables the counting of the packets matching the rule.

log

Packets matching the filter are sent to the CPU and a corresponding log
entry is generated by enabling the logging mechanism. This parameter is
only available with permit and deny.

remark comment

An ASCII string 0 to 256 characters in length.
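
Added example (not from the Brocade manual): a Python model of how the wildcard and CIDR mask forms described under SIP_mask relate, and of why a hard-drop rule does not override a permit that occurs before it. It assumes rules are evaluated in ascending sequence-number order with the first match deciding; the function names and the 10.x sample rule are constructed for illustration.

```python
import ipaddress


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_to_cidr(addr, wildcard):
    """Return 'addr/prefix_len' for an 'addr wildcard' pair, or None when the
    wildcard is not one contiguous run of low-order 1-bits (e.g. 0.255.0.255),
    in which case no CIDR equivalent exists."""
    w = _to_int(wildcard)
    if w & (w + 1):  # non-zero unless w has the form 2**k - 1
        return None
    return f"{addr}/{32 - w.bit_length()}"


def matches(src, addr, wildcard):
    """Compare src and addr on every bit the wildcard leaves unmasked
    (a 1-bit in the wildcard means 'ignore this bit')."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(src) & care) == (_to_int(addr) & care)


def first_match(rules, src):
    """Walk rules by ascending seq (assumed evaluation order) and return
    (seq, action) of the first rule matching src, or None if none match."""
    for seq, action, addr, wildcard in sorted(rules, key=lambda r: r[0]):
        if matches(src, addr, wildcard):
            return seq, action
    return None


# Constructed sample ACL as (seq, action, address, wildcard mask).
# 'host X' is modelled as wildcard 0.0.0.0.
RULES = [
    (20, "hard-drop", "209.157.22.0", "0.0.0.255"),
    (10, "permit", "209.157.22.26", "0.0.0.0"),  # host 209.157.22.26
    (30, "deny", "10.0.0.1", "0.255.0.255"),     # wildcard-only form
]

if __name__ == "__main__":
    print(wildcard_to_cidr("209.157.22.26", "0.0.0.255"))
    for src in ("209.157.22.26", "209.157.22.99", "10.7.0.9", "10.7.1.9"):
        print(src, first_match(RULES, src))
```

The host permitted at seq 10 is never reached by the hard-drop at seq 20, while every other address in 209.157.22.0/24 is dropped; when auditing an ACL, rules with non-contiguous wildcards such as seq 30 have to be checked bit by bit because they cannot be read as a prefix.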

Defaults

No IP ACLs are configured.

Command Modes

Feature Access Control List configuration mode

Description

Use this command to configure rules to match and permit or drop traffic based on source and
destination IP address and protocol type. You can also enable counters for a specific rule. There
are 255 ACL counters supported per port group.

Usage Guidelines

Enter no seq value {deny | permit | hard-drop} [any | A:B:C:D:E:F:H:I/prefix_len |
host SIP_address | SIP_address mask] [count] [log] to remove a rule from the IP ACL.

Examples

None

See Also

seq (extended MAC ACLs)