
Filtering broadcast traffic, Using the priority option, Using the priority force option – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide


53-1003035-02

Creating a numbered Layer-2 ACL table


Using the mask, you can make the access list apply to a range of addresses. For instance, if you
changed the mask in the previous example from 0012.3456.7890 to ffff.ffff.fff0, all hosts with
addresses from 0000.0056.7890 to 0000.0056.789f would be blocked. The configuration for this
example is shown below.

Brocade(config)# access-list 401 deny 0000.0056.7890 ffff.ffff.fff0 0000.0033.4455 ffff.ffff.ffff

Brocade(config)# access-list 401 permit any any

The num parameter specifies the Layer-2 ACL table ID to bind to the interface.

Filtering broadcast traffic

To define a Layer-2 ACL that filters broadcast traffic, enter commands such as the following.

Brocade(config)# access-list 401 deny any ffff.ffff.ffff ffff.ffff.ffff

Brocade(config)# access-list 401 permit any any any

To bind a Layer-2 ACL that filters broadcast traffic, enter commands such as the following.

Brocade(config)# int eth 14/1

Brocade(config-if-e10000-14/1)# mac access-gr 401 in
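
The address-mask entry and the broadcast filter shown above can be checked offline before they are bound to an interface. The following is an added example, not code from the Brocade guide: it assumes first-match evaluation, an implicit deny when no entry matches, and that a 1 bit in the mask marks an address bit that must match (which agrees with the range the guide gives for ffff.ffff.fff0). All function names are hypothetical.

```python
# Added example: first-match check of Layer-2 ACL entries that use MAC masks.
def mac_to_int(mac):
    """Convert dotted MAC notation (0000.0056.7890) to a 48-bit integer."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)

def parse_entry(line):
    """Parse 'access-list <num> permit|deny <src> <dst>'; <src> and <dst> are
    'any' or '<mac> <mask>'. Trailing VLAN/etype/priority fields are ignored."""
    tokens = line.split("#", 1)[-1].split()   # tolerate a leading CLI prompt
    if len(tokens) < 5 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"not an ACL entry: {line!r}")
    rest, fields = tokens[3:], []
    for _ in range(2):                        # source, then destination
        if rest[0] == "any":
            fields.append((0, 0))             # mask 0: every bit is "don't care"
            rest = rest[1:]
        else:
            fields.append((mac_to_int(rest[0]), mac_to_int(rest[1])))
            rest = rest[2:]
    return tokens[2], fields[0], fields[1]

def field_matches(addr, field):
    value, mask = field
    # Assumption: only bits set to 1 in the mask are compared.
    return (mac_to_int(addr) & mask) == (value & mask)

def evaluate(acl_lines, src, dst):
    """Return the action of the first entry matching the frame's addresses."""
    for line in acl_lines:
        action, src_field, dst_field = parse_entry(line)
        if field_matches(src, src_field) and field_matches(dst, dst_field):
            return action
    return "deny"                             # assumed implicit deny

# The two ACLs from this page; the frames tested against them are constructed.
RANGE_ACL = [
    "access-list 401 deny 0000.0056.7890 ffff.ffff.fff0 0000.0033.4455 ffff.ffff.ffff",
    "access-list 401 permit any any",
]
BROADCAST_ACL = [
    "access-list 401 deny any ffff.ffff.ffff ffff.ffff.ffff",
    "access-list 401 permit any any any",
]

if __name__ == "__main__":
    for last in ("788f", "7890", "789f", "78a0"):
        print(last, evaluate(RANGE_ACL, "0000.0056." + last, "0000.0033.4455"))
```

Running it shows that only sources 0000.0056.7890 through 0000.0056.789f are denied, and only when the destination is exactly 0000.0033.4455.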

Using the priority option

In the following example, access list 401 assigns ARP packets with any source and destination
addresses from VLAN 10 to internal priority queue 5. Access list 401 then maps the ARP packets to
the 802.1p value 5 when they are outbound on an 802.1q interface and their 802.1p priority is lower
than 5. Incoming packets with an 802.1p priority value greater than 5 are unchanged.

Brocade(config)# access-list 401 permit any any 10 etype arp priority 5

Using the priority force option

In the following example, access list 401 assigns IPv4 packets with any source and destination
addresses from VLAN 10 to the internal priority queue 6 and changes the outgoing 802.1p value to
6.

Brocade(config)# access-list 401 permit any any 10 etype ipv4-l5 priority-force 6

Using the priority mapping option

In the following example, access list 401 permits IPv6 packets with any source and destination
addresses from VLAN 10 that have an 802.1p priority of 3. The outgoing packet is not modified.

Brocade(config)# access-list 401 permit any any 10 etype ipv6 priority-mapping 3

Using the drop-precedence keyword option

In the following example, access list 410 assigns IPv4 packets with any source and destination
addresses from VLAN 10 to drop-precedence 0.

Brocade(config)# access-list 410 permit any any 10 etype ipv4-l5 drop-precedence 0