Re-sequencing a standard numbered acl table – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Multi-Service IronWare Security Configuration Guide
53-1003035-02
Configuring numbered and named ACLs
3
sequence number generated by the system is the smallest number divisible by 10 which is greater
than the sequence number of the last ACL entry provisioned in the ACL table. Therefore, when you
do not specify a sequence number, the rule is added to the end of the ACL table. The default
sequence number assigned to the first ACL entry in the ACL table is “10”.
The following example shows how the system-generated sequence number is assigned when you
do not specify a sequence number.
Brocade(config)#access-list 101 deny ip 1.1.1.1/32 any
Brocade(config)#access-list 101 sequence 12 permit ip 1.1.1.2/32 any
Brocade(config)#access-list 101 permit ip 1.1.1.3/32 any
Brocade(config)#access-list 101 deny ip 1.1.1.4/32 any
Brocade(config)#access-list 101 sequence 37 permit ip 1.1.1.5/32 any
Brocade(config)#access-list 101 deny ip any any
In the above example, the first ACL entry is assigned the default sequence number “10”. The
second ACL entry has the user-defined sequence number “12”. The third ACL entry is assigned
sequence number “20” (smallest number divisible by 10 which is greater than 12), and the fourth
ACL entry is assigned sequence number “30” (smallest number divisible by 10 which is greater
than 20). The fifth ACL entry has the user-defined sequence number “37”, and the sixth ACL entry
is assigned sequence number “40” (smallest number divisible by 10 which is greater than 37),
and so on.
To configure an ACL filter rule with the sequence number “4” for ACL “1”, enter the following
command:
Brocade(config)# access-list 1 sequence 4 permit any any
If the sequence number “4” is already used by another ACL filter rule, the following error message
is displayed.
"Error: Entry with sequence 4 already exists!"
If you specify a sequence number that is greater than the limit (214748364), the following error
message is displayed.
"Error: Valid range for sequence is 1 to 214748364"
Re-sequencing a standard numbered ACL table
To allow new ACL entries to be inserted between ACL entries that have consecutive sequence
numbers, you can create space between sequence numbers of adjacent filters by regenerating the
ACL table.
To re-sequence ACL table “1”, use the following command.
Brocade(config)# access-list 1 regenerate-seq-num
This command regenerates the filter sequence numbers in steps of 10, assigning the default
sequence number “10” to the first entry in the table.
NOTE
If sequence numbers generated by the regenerate-seq-num command cross the limit (214748364),
then re-sequencing of ACL filters will not take place and the following error message is displayed.
"Error: Valid range for sequence is 1 to 214748364".
NOTE
The regenerate-seq-num command is not allowed while a TFTP copy is in progress.
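
The sequence-number assignment and re-sequencing rules described above can be modelled offline to predict where a rule will land before it is entered on a device. The following Python model is an added example, not Brocade code; the class and function names are hypothetical, and it assumes that the "last ACL entry" is the entry with the highest sequence number in the table.

```python
# Added illustration: a model of the sequence-number rules on this page.
# Not Brocade code; AclTable and replay_page_example are hypothetical names.
SEQ_MAX = 214748364  # upper limit quoted in the error message on this page
STEP = 10

class AclTable:
    def __init__(self):
        self.entries = {}  # sequence number -> rule text

    def add(self, rule, seq=None):
        """Add a rule and return the sequence number it was given."""
        if seq is None:
            # Assumption: "last ACL entry" = highest sequence number in the table.
            last = max(self.entries, default=0)
            seq = (last // STEP + 1) * STEP  # smallest multiple of 10 > last
        if not 1 <= seq <= SEQ_MAX:
            raise ValueError(f"Error: Valid range for sequence is 1 to {SEQ_MAX}")
        if seq in self.entries:
            raise ValueError(f"Error: Entry with sequence {seq} already exists!")
        self.entries[seq] = rule
        return seq

    def regenerate(self):
        """Renumber in steps of 10 from 10; refuse if the limit would be crossed."""
        if len(self.entries) * STEP > SEQ_MAX:
            raise ValueError(f"Error: Valid range for sequence is 1 to {SEQ_MAX}")
        ordered = [self.entries[s] for s in sorted(self.entries)]
        self.entries = {(i + 1) * STEP: r for i, r in enumerate(ordered)}

    def listing(self):
        """Return (sequence, rule) pairs in table order."""
        return [(s, self.entries[s]) for s in sorted(self.entries)]

def replay_page_example():
    """Replay the six access-list 101 commands shown on this page."""
    acl = AclTable()
    cmds = [("deny ip 1.1.1.1/32 any", None), ("permit ip 1.1.1.2/32 any", 12),
            ("permit ip 1.1.1.3/32 any", None), ("deny ip 1.1.1.4/32 any", None),
            ("permit ip 1.1.1.5/32 any", 37), ("deny ip any any", None)]
    assigned = [acl.add(rule, seq) for rule, seq in cmds]
    return acl, assigned

if __name__ == "__main__":
    acl, assigned = replay_page_example()
    print(assigned)
    acl.regenerate()
    for seq, rule in acl.listing():
        print(seq, rule)
```

In this model, a further rule added to the replayed table without a sequence number is placed at 50, after the "deny ip any any" entry at 40, so a rule that must sit before that entry needs an explicit sequence number.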