Deleting a standard named acl entry – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
53-1003035-02
Configuring numbered and named ACLs
Configuration example for standard ACL
To configure a named standard ACL entry, enter commands such as the following.
Brocade(config)# ip access-list standard Net1
Brocade(config-std-nacl-Net1)# deny host 10.157.22.26
Brocade(config-std-nacl-Net1)# deny 10.157.29.12
Brocade(config-std-nacl-Net1)# deny host IPHost1
Brocade(config-std-nacl-Net1)# permit any
Brocade(config-std-nacl-Net1)# exit
Brocade(config)# int eth 1/1
Brocade(config-if-e10000-1/1)# ip access-group Net1 in
The commands in this example configure a standard ACL named “Net1”. The entries in this ACL
deny packets from three source IP addresses from being forwarded on port 1/1. Because the implicit
action for an ACL is “deny”, the last ACL entry in this ACL permits all packets that are not explicitly
denied by the first three ACL entries. For an example of how to configure the same entries in a
numbered ACL, refer to “Configuring standard numbered ACLs”.
The command prompt changes after you enter the ACL type and name. The “std” in the command
prompt indicates that you are configuring entries for a standard ACL. For an extended ACL, this part
of the command prompt is “ext”. The “nacl” indicates that you are configuring a named ACL.
To re-sequence a named standard ACL table, enter the following commands:
Brocade(config)# ip access-list standard Net1
Brocade(config-std-nacl-Net1)# regenerate-seq-num
Deleting a standard named ACL entry
You can delete an ACL filter rule with or without providing its sequence number. To delete an ACL
filter rule without providing a sequence number, you must specify the filter rule attributes. To
delete an ACL filter rule by sequence number, you can provide the sequence number alone or the
sequence number together with the other filter rule attributes.
To delete a filter rule from the named ACL “entry”, perform the tasks listed below.
1. Enter the following command to display the contents of the ACL list.
Brocade# show access-list name entry
Standard IP access list entry
10: deny host 10.2.4.5
20: deny host 10.1.1.1
30: deny host 10.6.7.8
40: permit any
2. To delete the second ACL entry from the list by specifying the sequence number only, enter the
following commands:
Brocade(config)# ip access-list standard entry
Brocade(config-std-nacl-entry)# no sequence 20
To delete the second ACL entry from the list by specifying both the sequence number and filter
rule attributes, use the following commands:
Brocade(config)# ip access-list standard entry
Brocade(config-std-nacl-entry)# no sequence 20 deny host 10.1.1.1
To delete the second ACL entry from the list by specifying the filter rule attributes only, enter
the following commands:
Brocade(config)# ip access-list standard entry
Brocade(config-std-nacl-entry)# no deny host 10.1.1.1
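An added example (not from the Brocade guide): a Python model of the three deletion forms above that reports, before a change is entered on the device, which source addresses change verdict, including the case where removing the final “permit any” leaves only the implicit deny. The function names, the probe addresses and the rejection of a mismatched sequence number and rule are assumptions of this example; the guide does not state how the device handles a mismatch.

```python
import ipaddress
import re

# Constructed sample: the "show access-list name entry" output shown on the page.
SHOW_OUTPUT = """Standard IP access list entry
10: deny host 10.2.4.5
20: deny host 10.1.1.1
30: deny host 10.6.7.8
40: permit any
"""

def rule(action, source):
    """Build a rule tuple; source is 'any' or 'host <ip>' (the only forms modelled)."""
    net = "0.0.0.0/0" if source == "any" else source.split()[1] + "/32"
    return (action, ipaddress.ip_network(net))

def parse_acl(text):
    """Return {sequence: rule} from the show output."""
    pat = re.compile(r"^\s*(\d+):\s+(permit|deny)\s+(any|host\s+\S+)\s*$", re.M)
    return {int(m[1]): rule(m[2], m[3]) for m in pat.finditer(text)}

def delete(acl, seq=None, attrs=None):
    """Model 'no sequence N', 'no sequence N <rule>' and 'no <rule>' on a copy."""
    if seq is None:
        seq = next((s for s in sorted(acl) if acl[s] == attrs), None)
    if seq not in acl or (attrs is not None and acl[seq] != attrs):
        # Assumption: a missing or mismatched entry is rejected and nothing is deleted.
        raise LookupError("no matching ACL entry")
    return {s: r for s, r in acl.items() if s != seq}

def verdict(acl, ip):
    """First match in sequence order wins; no match hits the implicit deny."""
    addr = ipaddress.ip_address(ip)
    for seq in sorted(acl):
        action, net = acl[seq]
        if addr in net:
            return action
    return "deny"

def impact(before, after, probes):
    """Probe addresses whose verdict changes: {ip: (old, new)}."""
    return {ip: (verdict(before, ip), verdict(after, ip))
            for ip in probes if verdict(before, ip) != verdict(after, ip)}

if __name__ == "__main__":
    acl = parse_acl(SHOW_OUTPUT)
    probes = ["10.2.4.5", "10.1.1.1", "10.6.7.8", "192.0.2.10"]
    print(impact(acl, delete(acl, seq=20), probes))   # 10.1.1.1 becomes permitted
    print(impact(acl, delete(acl, seq=40), probes))   # 192.0.2.10 becomes denied
```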