Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide, 53-1003035-02, page 117

Chapter 3: Configuring numbered and named ACLs

3. Enter the show access-list command to display the updated list. With sequence 20 removed, the remaining entries keep their original sequence numbers; the gap is not closed unless you run regenerate-seq-num.

   Brocade(config)# show access-list name entry
   Standard IP access list entry
   10: deny host 10.2.4.5
   30: deny host 10.6.7.8
   40: permit any

NOTE
If you try to delete an ACL filter rule by sequence number and the sequence number you specify does not exist, the following error message is displayed (and the ACL is left unchanged):

"Error: Entry with sequence 20 does not exist!"

Syntax: [no] ip access-list standard string | num

Syntax: [no] [sequence num] deny | permit [vlan vlan-id] host {source-ip | hostname} | {hostname wildcard | source-ip/mask-bits} | any

Syntax: regenerate-seq-num [num]

Syntax: [no] ip access-group num in

The standard parameter indicates the ACL type.

The string parameter is the ACL name. You can specify a string of up to 256 alphanumeric characters. You can use blanks in the ACL name if you enclose the name in quotation marks (for example, "ACL for Net1"); the same quoted name must then be used wherever the ACL is referenced, such as in the ip access-group command. The num parameter lets you specify an ACL number instead of a name. If you specify a number, use 1 - 99 for standard ACLs or 100 - 199 for extended ACLs.

NOTE
For convenience, the software allows you to configure numbered ACLs using the syntax for named ACLs. The software still supports the older syntax for numbered ACLs as well. Although both methods are accepted for configuring numbered ACLs, numbered ACLs are always written to the startup-config and running-config files using the older syntax, as follows.

access-list 1 deny host 10.157.22.26

access-list 1 deny 10.157.22.0 0.0.0.255

access-list 1 permit any

access-list 101 deny tcp any any eq http

The options at the ACL configuration level and the syntax for the ip access-group command are the same for numbered and named ACLs and are described in "Configuring standard numbered ACLs".
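The sequence-number behaviour described above (first match in sequence order wins, deletion by a sequence number that does not exist fails with the documented error, and regenerate-seq-num renumbers the entries) is easy to get wrong when ACLs are edited from scripts. The following Python model is an added example, not Brocade code and not the device's implementation: it reproduces the "entry" ACL shown on this page, evaluates source addresses against host, wildcard-mask, prefix-length and any forms, and shows that after renumbering the same sequence number refers to a different rule. The implicit deny at the end of the ACL, the duplicate-sequence check, and the start/step values used by the renumbering are assumptions made for the model; the page does not specify them.

```python
"""Model of an IronWare-style sequenced standard IP ACL (added example, not Brocade code).

Entries are kept in sequence-number order; the first entry whose source
specification matches the packet's source address decides the result, and an
address that matches no entry is denied (the implicit deny at the end of an
ACL, assumed here).
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Entry:
    seq: int
    action: str   # "permit" or "deny"
    source: str   # "any", "host A.B.C.D", "A.B.C.D W.W.W.W" (wildcard) or "A.B.C.D/bits"


def source_matches(spec, src_ip):
    """Return True if src_ip falls inside the ACL source specification."""
    tokens = spec.split()
    addr = int(ipaddress.IPv4Address(src_ip))
    if tokens == ["any"]:
        return True
    if tokens[0] == "host":                      # exact host, same as wildcard 0.0.0.0
        return addr == int(ipaddress.IPv4Address(tokens[1]))
    if len(tokens) == 2:                         # address plus inverse (wildcard) mask:
        base = int(ipaddress.IPv4Address(tokens[0]))   # a 1 bit in the mask means "don't care"
        wild = int(ipaddress.IPv4Address(tokens[1]))
        care = ~wild & 0xFFFFFFFF
        return (addr & care) == (base & care)
    return ipaddress.IPv4Address(src_ip) in ipaddress.IPv4Network(tokens[0], strict=False)


class StandardAcl:
    """Sequence-number bookkeeping of a named standard ACL."""

    def __init__(self, name):
        self.name = name
        self.entries = []

    def add(self, action, source, seq=None):
        """Append (next multiple of 10) or insert at an explicit 'sequence num'."""
        if seq is None:
            seq = self.entries[-1].seq + 10 if self.entries else 10
        if any(e.seq == seq for e in self.entries):
            raise ValueError("sequence %d already in use" % seq)   # model's own check (assumption)
        self.entries.append(Entry(seq, action, source))
        self.entries.sort(key=lambda e: e.seq)
        return seq

    def delete(self, seq):
        """'no sequence num ...': fails with the documented message if seq is absent."""
        for e in self.entries:
            if e.seq == seq:
                self.entries.remove(e)
                return
        raise ValueError("Error: Entry with sequence %d does not exist!" % seq)

    def regenerate_seq_num(self, start=10, step=10):
        """'regenerate-seq-num': renumber evenly; start/step values are assumptions."""
        for i, e in enumerate(self.entries):
            e.seq = start + i * step
        return [e.seq for e in self.entries]

    def evaluate(self, src_ip):
        """First match in sequence order wins; no match means deny (assumed implicit deny)."""
        for e in self.entries:
            if source_matches(e.source, src_ip):
                return e.action
        return "deny"

    def show(self):
        """Lines in the form the page's show access-list output uses."""
        return ["%d: %s %s" % (e.seq, e.action, e.source) for e in self.entries]


def demo():
    """Rebuild the page's 'entry' ACL (sequence 20 already removed) and probe it."""
    acl = StandardAcl("entry")
    acl.add("deny", "host 10.2.4.5")            # 10
    acl.add("deny", "host 10.6.7.8", seq=30)    # 30
    acl.add("permit", "any")                    # 40
    result = {"show": acl.show(),
              "blocked": acl.evaluate("10.6.7.8"),
              "other": acl.evaluate("192.0.2.1")}
    try:
        acl.delete(20)                          # sequence 20 no longer exists
    except ValueError as err:
        result["error"] = str(err)
    # Renumbering changes what a sequence number refers to: 30 now names "permit any",
    # so a script that still deletes "sequence 30" would remove the wrong rule.
    result["renumbered"] = acl.regenerate_seq_num()
    result["seq30_after"] = next(e.source for e in acl.entries if e.seq == 30)
    return result


if __name__ == "__main__":
    print(demo())
```

The wildcard form follows the inverse-mask convention of the older numbered syntax (10.157.22.0 0.0.0.255 covers the /24), and the prefix-length form is the source-ip/mask-bits option from the syntax line above. The practitioner point is in demo(): any automation that stores sequence numbers must re-read the list after regenerate-seq-num.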

Configuration example for extended ACL
To configure a named extended ACL entry, enter commands such as the following. The ACL denies TCP connections from host 10.157.22.26 to the Telnet port of any destination and permits everything else; because it is applied with the in keyword, it filters only traffic entering interface 1/1.

Brocade(config)# ip access-list extended "block Telnet"

Brocade(config-ext-nacl-block telnet)# deny tcp host 10.157.22.26 any eq telnet

Brocade(config-ext-nacl-block telnet)# permit ip any any

Brocade(config-ext-nacl-block telnet)# exit

Brocade(config)# int eth 1/1

Brocade(config-if-e10000-1/1)# ip access-group "block Telnet" in