beautypg.com

Using the drop-precedence-force keyword option, Using the mirror keyword option, Using the mark flow id keyword option – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide

53-1003035-02

Creating a numbered Layer-2 ACL table


The Brocade NetIron CES and Brocade NetIron CER devices treat the drop-precedence (DP) value
internally, and do not mark any packets on DP explicitly.

For example, the following ACL entries are accepted but will not change the DP value of any packet
going through Brocade NetIron CES and Brocade NetIron CER devices:

permit ipv6 any any drop-precedence 0-3

permit ipv6 any any drop-precedence-force 0-3

The configuration CLI above specifies DP values from 0 to 3, but Brocade NetIron CES and Brocade
NetIron CER devices map them internally to 0 to 2 as follows:

Configuration CLI    CES Internal Process
0                    0
1                    1
2                    1
3                    2

Using the drop-precedence-force keyword option

In the following example, access list 411 assigns packets with any source and destination
addresses from VLAN 11 to drop-precedence 1.

Brocade(config)# access-list 411 permit any any 11 etype any drop-precedence-force 1
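
The following is an added example, not part of the Brocade guide: a small Python audit that applies the CLI-to-internal DP mapping above to Layer-2 ACL entries and reports configured values that CES and CER devices cannot tell apart. The function name and the sample entries 412 and 415 are constructed for illustration; 411 is the entry from this page written with full keywords.

```python
import re

# CLI drop-precedence value -> value used internally on CES/CER (table above)
CES_CER_INTERNAL_DP = {0: 0, 1: 1, 2: 1, 3: 2}

ACL_RE = re.compile(r"access-list\s+(\d+)\s+(?:permit|deny)\b")
DP_RE = re.compile(r"\b(drop-precedence(?:-force)?)\s+(\d+)\b")

# Constructed sample: 411 is the entry from this page, 412 and 415 are made up.
SAMPLE_CONFIG = """\
access-list 411 permit any any 11 etype any drop-precedence-force 1
access-list 412 permit any any 12 etype any drop-precedence-force 2
access-list 415 permit any any 13 etype any drop-precedence 3
access-list 413 permit any any 10 etype ipv6 priority-mapping 3
"""

def audit_drop_precedence(config_text):
    """Return (entries, findings) for ACL lines that carry a DP keyword."""
    entries, findings = [], []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        acl, dp = ACL_RE.search(line), DP_RE.search(line)
        if not (acl and dp):
            continue  # not an ACL entry, or no drop-precedence option on it
        cli_dp = int(dp.group(2))
        if cli_dp not in CES_CER_INTERNAL_DP:
            findings.append(f"line {lineno}: DP {cli_dp} is outside 0-3")
            continue
        entries.append({"acl": int(acl.group(1)), "keyword": dp.group(1),
                        "cli_dp": cli_dp,
                        "internal_dp": CES_CER_INTERNAL_DP[cli_dp]})
    # Distinct CLI values that share an internal value are treated identically.
    groups = {}
    for e in entries:
        groups.setdefault(e["internal_dp"], set()).add(e["cli_dp"])
    for internal, cli_values in sorted(groups.items()):
        if len(cli_values) > 1:
            findings.append(f"CLI DP values {sorted(cli_values)} all map to "
                            f"internal DP {internal} on CES/CER")
    return entries, findings

if __name__ == "__main__":
    entries, findings = audit_drop_precedence(SAMPLE_CONFIG)
    for e in entries:
        print(e)
    for f in findings:
        print("FINDING:", f)
```
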

Using the mirror keyword option

In the following example, access list 413 permits IPv6 packets with any source and destination
addresses from VLAN 10 having an 802.1p priority of 3 and sends a copy of the matching packet to
the specified mirror port.

Brocade(config)# access-list 413 permit any any 10 etype ipv6 priority-mapping 3 mirror

Using the mark flow ID keyword option

NOTE

The mark-flow-id keyword option is available for Brocade NetIron CES and Brocade NetIron CER
devices only.

The mark-flow-id option balances traffic coming from a LAG port and going to another LAG port. When
an ACL that uses the mark-flow-id option is applied to the inbound LAG port, the matching traffic is
marked with a flow ID and is distributed over different physical ports on the outbound LAG
interface.

In the following example, access list 414 permits IPv6 packets with any source and destination
addresses from VLAN 10 having an 802.1p priority of 2 and marks the flow ID for load-balancing on
LAG ports.

Brocade(config)# access-list 414 permit 1425.0124.010c ffff.ffff.ffff any 14 etype ipv4-l5 priority-mapping 2 mark-flow-id