Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
53-1003035-02
Configuring numbered and named ACLs
Parameters for regenerating IPv4 ACL table sequence numbers
host source-ip | hostname
Specify a host IP address or name. When you use this parameter, you do not
need to specify the mask. A mask of all zeros (0.0.0.0) is implied.
NOTE
To specify the host name instead of the IP address, the DNS server
must be configured using the ip dns server-address ip-addr command
at the global configuration level.
hostname
Specifies the host name for the policy.
wildcard
Specifies the portion of the source IP host address to match against.
The wildcard is a four-part value in dotted-decimal notation (IP
address format) consisting of ones and zeros. Zeros in the mask
mean the packet’s source address must match the source-ip. Ones
mean any value matches. For example, the source-ip and wildcard
values 10.157.22.26 0.0.0.255 mean that all hosts in the Class C
subnet 10.157.22.x match the policy.
If you prefer to specify the mask value in Classless Inter-Domain
Routing (CIDR) format, you can enter a forward slash after the IP
address, then enter the number of significant bits in the mask. For
example, you can enter the CIDR equivalent of “10.157.22.26
0.0.0.255” as “10.157.22.26/24”. The CLI automatically converts
the CIDR number into the appropriate ACL mask (where zeros instead
of ones are the significant bits) and changes the non-significant
portion of the IP address into zeros. For example, if you specify
10.157.22.26/24 or 10.157.22.26 0.0.0.255, then save the changes
to the startup-config file, the value appears as 10.157.22.0/24 (if you
have enabled display of subnet lengths) or 10.157.22.0 0.0.0.255 in
the startup-config file.
If you enable the software to display IP subnet masks in CIDR format,
the mask is saved in the file in “mask-bits” format. You can use the
CIDR format to configure the ACL entry regardless of whether the
software is configured to display the masks in CIDR format.
NOTE
If you use the CIDR format, the ACL entries appear in this format in the
running-config and startup-config files, but they are shown with a
subnet mask in the display produced by the show access-list
command.
any
Use this parameter to configure the policy to match on all host
addresses.
num
Specifies the number of the ACL table to re-sequence.
regenerate-seq-num [num]
(Optional) Specifies the initial sequence number for the access list after
regeneration. The value ranges from 1 through 214748364. The default value is
10. ACL filter rule sequence numbers are regenerated in steps of 10.
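The wildcard and CIDR handling described for the wildcard parameter above, as an added Python example (not code from the guide or from the device software). It is useful for checking which source addresses an entry will match before it is applied. The function names are hypothetical; the sample entries are the ones used in the guide.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def cidr_to_wildcard(prefix_len):
    """ACL wildcard for a prefix length: zero bits are the significant ones."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"invalid prefix length: {prefix_len}")
    return ALL_ONES >> prefix_len


def parse_source(spec):
    """Return (address, wildcard) as integers, non-significant address bits zeroed."""
    parts = spec.split()
    if len(parts) == 2 and parts[0] == "host":
        addr, wild = int(ipaddress.IPv4Address(parts[1])), 0  # implied 0.0.0.0
    elif len(parts) == 2:
        addr = int(ipaddress.IPv4Address(parts[0]))
        wild = int(ipaddress.IPv4Address(parts[1]))
    elif len(parts) == 1 and "/" in spec:
        ip, bits = spec.split("/", 1)
        addr, wild = int(ipaddress.IPv4Address(ip)), cidr_to_wildcard(int(bits))
    else:
        raise ValueError(f"unrecognised source spec: {spec!r}")
    return addr & ~wild & ALL_ONES, wild


def render(spec, cidr_display=False):
    """Show the entry in wildcard form, or mask-bits form when cidr_display is set."""
    addr, wild = parse_source(spec)
    ip = ipaddress.IPv4Address(addr)
    # Only a contiguous wildcard (2**k - 1) has a prefix length; falling back
    # to dotted form otherwise is this example's choice.
    if cidr_display and (wild & (wild + 1)) == 0:
        return f"{ip}/{32 - wild.bit_length()}"
    return f"{ip} {ipaddress.IPv4Address(wild)}"


def matches(spec, source_ip):
    """True when every zero-wildcard bit of source_ip equals the entry's address."""
    addr, wild = parse_source(spec)
    src = int(ipaddress.IPv4Address(source_ip))
    return (src & ~wild & ALL_ONES) == addr


if __name__ == "__main__":
    for spec in ("10.157.22.26/24", "10.157.22.26 0.0.0.255", "host 10.157.22.26"):
        print(f"{spec!r:28} -> {render(spec)!r:26} {render(spec, True)!r}")
```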