seq (standard IP ACLs) – Brocade Network OS Command Reference v4.1.0 User Manual
Network OS Command Reference
53-1003115-01
seq (standard IP ACLs)
Inserts a rule anywhere in the IP ACL.
Synopsis
seq value {deny | permit | hard-drop} [any | A:B:C:D:E:F:H:I/prefix_len | host SIP_address | SIP_address mask] [count] [log]
no seq value {deny | permit | hard-drop} [any | A:B:C:D:E:F:H:I/prefix_len | host SIP_address | SIP_address mask] [count] [log]
Operands
value
Specifies the sequence number for the rule. Valid values range from 0
through 4294967295.
permit
Specifies rules to permit traffic.
deny
Specifies rules to deny traffic.
hard-drop
Drops the packet absolutely and can override the control packet trap
entries, but does not override the permit entry that occurs before this rule
in the ACL.
any
Specifies any source MAC or IP address.
host SIP_address
Specifies the source host IP address for which to set permit or deny
conditions.
SIP_mask
Specifies the destination host IP address for which to set permit or deny
conditions. The address can also be entered as an IP address, or an
IP address with a mask. The mask value can be entered in Classless
Interdomain Routing (CIDR) format, or in wildcard mask format.
For example, the following two entries yield the same results. The CIDR
equivalent of “209.157.22.26 0.0.0.255” is “209.157.22.26/24”.
In wildcard format, you can mask for any bit. For example, 0.255.0.255 is
valid.
count
Enables the counting of the packets matching the rule.
log
Packets matching the filter are sent to the CPU and a corresponding log
entry is generated by enabling the logging mechanism. This parameter is
only available with permit and deny.
remark comment
An ASCII string 0 to 256 characters in length.
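The wildcard and CIDR mask forms described under SIP_mask, as an added Python example (not from the Brocade manual): it parses the IPv4 source operand forms, shows that the two notations select the same addresses, and reports when a wildcard mask such as 0.255.0.255 has no CIDR equivalent, which is worth flagging when reviewing an ACL. The function names are hypothetical, and only IPv4 operands are handled.

```python
import ipaddress

FULL = 0xFFFFFFFF

def _ip(dotted):
    """Dotted-quad string to 32-bit int; raises ValueError if malformed."""
    return int(ipaddress.IPv4Address(dotted))

def parse_source(spec):
    """Parse an IPv4 source operand into (value, care_mask).

    Accepted forms, as in the operand list above:
      'any', 'host A.B.C.D', 'A.B.C.D/len', 'A.B.C.D W.X.Y.Z' (wildcard).
    A 1 bit in care_mask must match; value is already masked with it.
    """
    parts = spec.split()
    if parts == ["any"]:
        addr, care = 0, 0
    elif len(parts) == 2 and parts[0] == "host":
        addr, care = _ip(parts[1]), FULL
    elif len(parts) == 1 and "/" in parts[0]:
        a, plen = parts[0].split("/")
        plen = int(plen)
        if not 0 <= plen <= 32:
            raise ValueError("prefix length out of range: %r" % spec)
        addr, care = _ip(a), (FULL << (32 - plen)) & FULL
    elif len(parts) == 2:
        # Wildcard mask: a 1 bit means "ignore this bit", so invert it.
        addr, care = _ip(parts[0]), ~_ip(parts[1]) & FULL
    else:
        raise ValueError("unrecognised source operand: %r" % spec)
    return addr & care, care

def matches(spec, candidate):
    """True if the candidate source address is selected by the operand."""
    value, care = parse_source(spec)
    return (_ip(candidate) & care) == value

def prefix_len(spec):
    """CIDR prefix length for the operand, or None when its mask is
    non-contiguous (e.g. wildcard 0.255.0.255) and has no CIDR form."""
    _, care = parse_source(spec)
    ignore = ~care & FULL
    # Contiguous masks have ignore == 0..01..1, so ignore+1 is a power of 2.
    return None if ignore & (ignore + 1) else 32 - ignore.bit_length()
```
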
Defaults
No IP ACLs are configured.
Command Modes
Feature Access Control List configuration mode
Description
Use this command to configure rules to match and permit or drop traffic based on source and
destination IP address and protocol type. You can also enable counters for a specific rule. There
are 255 ACL counters supported per port group.
Usage Guidelines
Enter no seq value {deny | permit | hard-drop} [any | A:B:C:D:E:F:H:I/prefix_len | host SIP_address | SIP_address mask] [count] [log] to remove a rule from the IP ACL.
Examples
None
See Also