
Extended acl syntax – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


108    Multi-Service IronWare Security Configuration Guide    53-1003035-02

Configuring numbered and named ACLs    3

access-list 100 permit icmp any any

Extended ACL syntax

This section presents the syntax for creating and re-sequencing an extended IPv4 ACL and for
binding the ACL to an interface. Use the access-list regenerate-seq-num command to re-sequence
the ACL table. Use the ip access-group command at the interface level to bind the ACL to an
interface.

Syntax: [no] access-list num [sequence num] deny | permit [vlan vlan-id]
        ip-protocol {source-ip | hostname wildcard | any}
        [operator source-tcp/udp-port]
        {destination-ip | hostname wildcard | any}
        [operator destination-tcp/udp-port]
        [icmp-type] [established] [precedence {name | num}]
        [tos {name | number}] [dscp-mapping number]
        [dscp-marking number] [fragment | non-fragment]
        [option value | name | keyword]
        [priority priority-value | priority-force priority-value | priority-mapping priority-value]
        [mirror]

Syntax: access-list num regenerate-seq-num [num]

Syntax: [no] ip access-group num in | out

General parameters for extended ACLs
The following parameters apply to any extended ACL you are creating.

num

Enter 100 – 199 for an extended ACL.

sequence num

The sequence parameter specifies where the conditional statement is to be added in the
access list. You can add a conditional statement at a particular place in an access list by
specifying the entry number using the sequence keyword. The range is from 1 through
214748364. If the sequence num option is not specified, a default sequence number is
applied to the clause. The default value is 10 + the sequence number of the last ACL filter rule
provisioned in the ACL table. The default value for the first clause in an IPv4 ACL table is “10”.

deny | permit

Enter deny if the packets that match the policy are to be dropped; permit if they are to be
forwarded.

ip-protocol

Indicate the type of IP packet you are filtering. You can specify a well-known name for any
protocol whose number is less than 255. For other protocols, you must enter the number.
Enter “?” instead of a protocol to list the well-known names recognized by the CLI.

source-ip | hostname

Specify the source IP host for the policy. If you want the policy to match on all source
addresses, enter any.
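The sequence-number rules above (first clause defaults to 10, later clauses to 10 + the last sequence, regenerate-seq-num renumbers the table) and the first-match permit/deny behaviour, as an added Python model that is not Brocade code. It assumes "last" means the highest sequence currently in the table, that a packet matching no clause hits the implicit deny at the end of every ACL, and the addresses used are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Clause:
    seq: int
    action: str   # "permit" or "deny"
    proto: str    # "ip" matches every IP protocol; otherwise e.g. "tcp", "udp", "icmp"
    src: str      # "any" or "address wildcard" (e.g. "10.0.0.0 0.0.0.255")
    dst: str

def _match_addr(spec: str, addr: str) -> bool:
    """Wildcard-mask match: a 1 bit in the wildcard means 'don't care'."""
    if spec == "any":
        return True
    net, wild = spec.split()
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wild))
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(net)) & care)

@dataclass
class ExtendedAcl:
    num: int                      # extended ACLs are numbered 100 - 199
    clauses: list = field(default_factory=list)

    def __post_init__(self):
        if not 100 <= self.num <= 199:
            raise ValueError("extended ACL number must be 100-199")

    def add(self, action, proto, src, dst, sequence=None):
        """access-list <num> [sequence <n>] <action> <proto> <src> <dst>."""
        if sequence is None:   # default: 10 for the first clause, else 10 + highest sequence (assumed reading of "last")
            sequence = 10 if not self.clauses else max(c.seq for c in self.clauses) + 10
        if any(c.seq == sequence for c in self.clauses):
            raise ValueError(f"sequence {sequence} already in use")
        self.clauses.append(Clause(sequence, action, proto, src, dst))
        self.clauses.sort(key=lambda c: c.seq)   # filters are evaluated in sequence order
        return sequence

    def regenerate_seq_num(self, start=10):
        """access-list <num> regenerate-seq-num: renumber the table in steps of 10."""
        for i, clause in enumerate(self.clauses):
            clause.seq = start + 10 * i

    def evaluate(self, proto, src, dst):
        """First matching clause decides; no match falls through to the implicit deny."""
        for c in self.clauses:
            if c.proto in ("ip", proto) and _match_addr(c.src, src) and _match_addr(c.dst, dst):
                return c.action
        return "deny"
```

Inserting a clause with an explicit low sequence number is how a specific deny is placed ahead of a broader permit that was provisioned earlier.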