Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00)
53-1003035-02

Syntax: [no] suppress-acl-seq

The no version of this command turns suppress-acl-seq OFF.

Configuring numbered and named ACLs

When you configure IPv4 ACLs, you can refer to the ACL by a numeric ID or by an alphanumeric name. The commands to configure numbered ACLs are different from the commands for named ACLs:

• If you refer to the ACL by a numeric ID, you can use 1 – 99 for a standard ACL or 100 – 199 for an extended ACL. This document refers to this type of ACL as a numbered ACL.

• If you refer to the ACL by a name, you specify whether the ACL is a standard ACL or an extended ACL, then specify the name. This document refers to this type of ACL as a named ACL.

You can configure up to 99 standard numbered IP ACLs and 100 extended numbered IP ACLs. You can also configure up to 100 named ACLs and 500 extended named ACLs.

Configuring standard numbered ACLs

The following section describes how to configure standard numbered IPv4 ACLs with numeric IDs.

• For configuration information on extended ACLs, refer to “Configuring extended numbered ACLs”.

• For configuration information on named ACLs, refer to “Configuring standard or extended named ACLs”.

Standard ACLs permit or deny packets based on source IP address. You can configure up to 99 standard ACLs. There is no limit to the number of ACL entries an ACL can contain except for the system-wide limitation. For the number of ACL entries supported on a Brocade device, refer to “ACL IDs and entries”.

To configure a standard ACL and apply it to inbound traffic on port 1/1, enter the following commands.

Brocade(config)# access-list 1 deny host 10.157.22.26
Brocade(config)# access-list 1 deny 10.157.29.12
Brocade(config)# access-list 1 deny host IPHost1
Brocade(config)# access-list 1 permit any
Brocade(config)# int eth 1/1
Brocade(config-if-e10000-1/1)# ip access-group 1 in
Brocade(config)# write memory

The commands in this example configure an ACL that denies incoming packets from three source IP addresses on port 1/1. The last ACL entry permits all packets that are not explicitly denied by the first three entries.

The ACL functionality for filtering traffic is enhanced with sequence numbers that enable users to insert, modify or delete rules at any position, without having to remove and reapply the entire ACL. A sequence number is assigned to each ACL entry, and ACL rules are applied in order from the lowest to the highest sequence number. Therefore, you can insert a new filter rule at any position you want in the ACL table by specifying the sequence number. If you do not specify a sequence number, the system automatically generates one and applies it to each ACL entry. The
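The following Python simulator is an added example, not code from the Brocade guide or from the IronWare software. It models the two behaviours described above: first-match evaluation of a standard numbered ACL on source address (with the implicit deny that the "permit any" entry in the guide's example exists to override), and insertion of a rule at a chosen position by sequence number without removing the rest of the ACL. The automatic sequence step of 10, the reproduction of access-list 1 with the symbolic host IPHost1 replaced by the constructed address 192.0.2.77, and the sample packet addresses are all assumptions made for illustration.

```python
"""Added example (not from the Brocade guide): a small simulator of how a
standard numbered IPv4 ACL evaluates packets, including sequence-number
ordering. Rule text, addresses and the auto-numbering step are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    seq: int                         # rules are evaluated lowest to highest
    action: str                      # "permit" or "deny"
    network: ipaddress.IPv4Network   # source address or range the rule matches


def parse_source(tokens):
    """Turn the source part of a standard ACL rule into an IPv4Network.

    Accepts 'any', 'host A.B.C.D', a bare host 'A.B.C.D' or 'A.B.C.D/len'.
    Symbolic hosts such as IPHost1 in the guide would need the device's name
    table; this simulator does not support them."""
    if tokens == ["any"]:
        return ipaddress.IPv4Network("0.0.0.0/0")
    if tokens[0] == "host":
        return ipaddress.IPv4Network(tokens[1] + "/32")
    return ipaddress.IPv4Network(tokens[0], strict=False)  # bare host becomes /32


class StandardAcl:
    """A standard numbered ACL: ID 1-99, rules ordered by sequence number."""

    def __init__(self, acl_id):
        if not 1 <= acl_id <= 99:
            raise ValueError("standard numbered ACLs use IDs 1-99")
        self.acl_id = acl_id
        self.entries = []
        self._next_auto_seq = 10  # constructed assumption: auto-number in steps of 10

    def add(self, rule, seq=None):
        """Add a rule such as 'deny host 10.157.22.26' or 'permit any'.
        Without an explicit sequence number the entry is placed after the
        highest existing one; with one, it lands at that position."""
        tokens = rule.split()
        action, source = tokens[0], tokens[1:]
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if seq is None:
            seq = self._next_auto_seq
        if any(e.seq == seq for e in self.entries):
            raise ValueError(f"sequence {seq} already in use")
        self.entries.append(Entry(seq, action, parse_source(source)))
        self.entries.sort(key=lambda e: e.seq)   # lowest sequence evaluated first
        self._next_auto_seq = self.entries[-1].seq + 10

    def remove(self, seq):
        """Delete one entry by sequence number; the other entries are untouched."""
        self.entries = [e for e in self.entries if e.seq != seq]

    def evaluate(self, src_ip):
        """Return (action, matching sequence). The first matching entry wins;
        a packet matching no entry hits the implicit deny (sequence None)."""
        addr = ipaddress.IPv4Address(src_ip)
        for e in self.entries:
            if addr in e.network:
                return e.action, e.seq
        return "deny", None


def build_guide_acl():
    """Constructed reproduction of the guide's access-list 1; the symbolic
    host IPHost1 is replaced by the constructed address 192.0.2.77."""
    acl = StandardAcl(1)
    acl.add("deny host 10.157.22.26")
    acl.add("deny 10.157.29.12")
    acl.add("deny host 192.0.2.77")
    acl.add("permit any")
    return acl


def insert_example():
    """Insert a deny for a whole subnet ahead of 'permit any' by giving it a
    sequence number between the existing entries, then show the effect."""
    acl = build_guide_acl()
    before = acl.evaluate("10.157.30.5")       # matches 'permit any' at seq 40
    acl.add("deny 10.157.30.0/24", seq=35)     # lands between seq 30 and seq 40
    after = acl.evaluate("10.157.30.5")        # now denied by the new entry
    return before, after


if __name__ == "__main__":
    acl = build_guide_acl()
    for ip in ("10.157.22.26", "10.157.29.12", "192.0.2.77", "10.157.30.5"):
        print(ip, acl.evaluate(ip))
    print("after inserting seq 35:", insert_example())
```

Because evaluation stops at the first match, the position a rule occupies decides whether it ever fires; a deny placed after "permit any" would be unreachable, which is exactly why the sequence-number insertion described in the text matters when an ACL is amended in place.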