
Creating a named layer-2 acl table, Binding a named layer-2 acl table to an interface – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide

53-1003035-02


Creating a named Layer-2 ACL table

For example, to create a named Layer-2 ACL called example_l2_acl, enter the following commands.

Brocade(config)#mac access-list example_l2_acl

Brocade(config-mac-nacl)#deny 0000.0000.0001 ffff.ffff.ffff any

Brocade(config-mac-nacl)#permit any 0000.0000.0002 ffff.ffff.ffff

Brocade(config-mac-nacl)#exit

Following is an example of how a named Layer-2 ACL “example_l2_acl” is displayed in the
configuration file.

!

mac access-list example_l2_acl

deny 0000.0000.0001 ffff.ffff.ffff any

permit any 0000.0000.0002 ffff.ffff.ffff

!

The following example displays the output of the show access-list command for “l2_acl”.

L2 MAC Access List l2_acl:

21: sequence 21 permit 0000.3333.3333 ffff.ffff.ffff any any etype any

31: deny any any any etype any log

In this example, the display of “sequence 21” for the first entry indicates that the sequence
number is user-configured. In the second entry, the sequence number is not displayed; this
indicates that the sequence number was not specified by the user but generated by the system.

To re-sequence a named Layer-2 ACL table, enter the following command:

Brocade(config)# mac access-list l2_acl

Brocade(config-std-nacl-l2_acl)# regenerate-seq-num

Syntax: [no] mac access-list acl_name

Syntax: [no] sequence num permit | deny src-mac mask | any dest-mac mask | any [vlan-id | any] [etype etype-str] [priority 802.1p-value | priority-force 802.1p-value | priority-mapping 802.1p-value | mark-flow-id | dscp-marking number]

Syntax: regenerate-seq-num [num]

Binding a named Layer-2 ACL table to an interface

Following is an example of the named Layer-2 ACL “example_l2_acl” applied to the inbound of port
2/2.

Brocade(config)# interface e 2/2

Brocade(config-if-e1000-2/2)#mac access-group example_l2_acl in

Syntax: [no] mac access-group acl_name in | out

If a Layer-2 ACL name is bound to an interface before the actual Layer-2 ACL filters are defined, the
behavior will be implicit deny of all traffic. This is consistent with the behavior of other types of
ACLs.
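The following added example (not from the guide or from Brocade) models the two behaviours described above: first-match evaluation of the named Layer-2 ACL entries as they appear in the configuration file, and the implicit deny that applies when no entry matches, including the case of an ACL bound to an interface before any filters are defined. It assumes Brocade-style match masks, where set mask bits must be equal (ffff.ffff.ffff is an exact match) and any compares no bits; the sample ACL text is constructed from the example_l2_acl shown on this page.

```python
import re

# Constructed sample: example_l2_acl as it appears in the configuration file.
EXAMPLE_L2_ACL = """
mac access-list example_l2_acl
 deny 0000.0000.0001 ffff.ffff.ffff any
 permit any 0000.0000.0002 ffff.ffff.ffff
""".strip().splitlines()


def mac_to_int(mac):
    """Convert dotted-hex 'hhhh.hhhh.hhhh' notation to a 48-bit integer."""
    return int(mac.replace(".", ""), 16)


def parse_l2_acl(lines):
    """Return (name, entries); each entry is (action, src, src_mask, dst, dst_mask).

    'any' becomes address 0 with mask 0, so no bits are compared. Assumption:
    Brocade match-mask semantics, where each set mask bit must be equal.
    An optional leading 'sequence num' is accepted and ignored here.
    """
    name, entries = None, []
    for line in lines:
        line = line.strip()
        m = re.match(r"mac access-list (\S+)$", line)
        if m:
            name = m.group(1)
            continue
        m = re.search(r"(?:sequence \d+ )?(permit|deny) (.+)$", line)
        if not m:
            continue
        toks = m.group(2).split()
        fields = []
        for _ in range(2):  # source address/mask, then destination address/mask
            if toks[0] == "any":
                fields += [0, 0]
                toks = toks[1:]
            else:
                fields += [mac_to_int(toks[0]), mac_to_int(toks[1])]
                toks = toks[2:]
        entries.append((m.group(1), *fields))  # trailing vlan/etype tokens ignored
    return name, entries


def evaluate(entries, src, dst):
    """First matching entry wins. No match, including an empty entry list (an ACL
    bound before its filters exist), is the implicit deny the guide describes."""
    s, d = mac_to_int(src), mac_to_int(dst)
    for action, es, esm, ed, edm in entries:
        if (s & esm) == (es & esm) and (d & edm) == (ed & edm):
            return action
    return "deny"
```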