Adding 1000 layer-2 numbered acl – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide (53-1003035-02), page 119

Configuring numbered and named ACLs


Brocade(config)#show access-list 99
ACL configuration:
!
Standard IP access list 99
10: access-list 99 deny host 10.10.10.1
20: access-list 99 permit any

For a named ACL, enter a command such as the following.

Brocade(config)#show access-list name entry
Standard IP access list entry
10: deny host 5.6.7.8
20: deny host 192.168.12.3
30: permit any

Syntax: show access-list { count | number | name acl-name | all }

The count parameter displays the total number of Layer-2 and IPv4 access lists and the number of filters configured in each list. Empty ACLs that are applied to interfaces are included in the total ACL count but are not listed individually, so a count that is higher than the number of lists shown is expected when such empty ACLs exist.

The number variable displays a specific numbered ACL:

1 – 99 for standard ACLs
100 – 199 for extended ACLs

The name acl-name option displays a specific named ACL.

Enter all to display every ACL configured on the device.

Adding 1000 Layer-2 numbered ACLs

Previously, 200 Layer-2 numbered ACLs were available, numbered 400 through 599. In this release the range is extended to 400 through 1399, giving 1000 Layer-2 numbered ACLs. The access-list help output now shows the following ranges:

Brocade(config)#access-list ?
1 - 99 for standard IP access list
400-1399 for L2 MAC access list
100 – 199 for extended IP access list
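The listings on this page are easy to eyeball but hard to audit at scale. The following is an added example, not Brocade code and not taken from the guide: a small Python auditor that parses the show access-list transcript format shown above, classifies numbered ACLs against the ranges printed by access-list ?, and flags any entry that sits behind a permit any or deny any and therefore can never match. The input is constructed from the page's two listings plus an invented numbered ACL 20 that carries such a shadowed entry; the first-match, in-sequence evaluation the check assumes is standard IronWare ACL behaviour but is not stated on this page.

```python
"""Audit Brocade IronWare 'show access-list' output.

Added example for this page; it is not Brocade code and the only thing it
takes from the guide is the transcript format. Assumptions are marked.
"""
import re
from dataclasses import dataclass, field

# Numbered ACL ranges exactly as listed by 'access-list ?' on this page.
ACL_RANGES = (
    (1, 99, "standard IP"),
    (100, 199, "extended IP"),
    (400, 1399, "L2 MAC"),
)

# Constructed input: the two transcripts from this page, followed by an
# invented numbered ACL 20 whose second entry sits behind 'permit any'.
SAMPLE = """\
ACL configuration:
!
Standard IP access list 99
10: access-list 99 deny host 10.10.10.1
20: access-list 99 permit any
Standard IP access list entry
10: deny host 5.6.7.8
20: deny host 192.168.12.3
30: permit any
Standard IP access list 20
10: access-list 20 permit any
20: access-list 20 deny host 10.0.0.9
"""

HEADER_RE = re.compile(r"^(Standard|Extended) IP access list (\S+)$")
# Entries of numbered ACLs repeat 'access-list <n>'; named ACLs do not.
ENTRY_RE = re.compile(r"^(\d+):\s+(?:access-list\s+\S+\s+)?(permit|deny)\s+(.+)$")


@dataclass
class Acl:
    name: str                 # number or name, as printed in the header
    kind: str                 # 'standard' or 'extended'
    entries: list = field(default_factory=list)  # (seq, action, match)


def classify_acl_number(number):
    """Return the ACL type for a numbered ACL, or None if out of range."""
    for low, high, label in ACL_RANGES:
        if low <= number <= high:
            return label
    return None


def parse_show_access_list(text):
    """Parse 'show access-list' output into Acl objects.

    Raises ValueError on a line it does not recognise, so a changed output
    format is noticed instead of being silently skipped.
    """
    acls, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!" or line.endswith("configuration:"):
            continue
        m = HEADER_RE.match(line)
        if m:
            current = Acl(name=m.group(2), kind=m.group(1).lower())
            acls.append(current)
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            current.entries.append((int(m.group(1)), m.group(2), m.group(3).strip()))
            continue
        raise ValueError(f"unrecognised line: {line!r}")
    return acls


def unreachable_entries(acl):
    """Sequence numbers of entries placed after a 'permit any' or 'deny any'.

    Assumption: entries are evaluated in sequence order and the first match
    wins, so nothing after a catch-all entry can ever be hit. Such entries
    usually mean a rule was appended instead of inserted at a lower sequence.
    """
    shadowed, catch_all_seen = [], False
    for seq, _action, match in acl.entries:
        if catch_all_seen:
            shadowed.append(seq)
        elif match == "any":
            catch_all_seen = True
    return shadowed


def audit(text):
    """Return one finding string per problem; an empty list means clean."""
    findings = []
    for acl in parse_show_access_list(text):
        if not acl.entries:
            findings.append(f"ACL {acl.name}: no entries")
        if acl.name.isdigit() and classify_acl_number(int(acl.name)) is None:
            findings.append(f"ACL {acl.name}: number outside any valid range")
        for seq in unreachable_entries(acl):
            findings.append(f"ACL {acl.name}: entry {seq} is unreachable")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["no findings"]:
        print(finding)
```

Run against the constructed sample, the auditor reports only the invented ACL 20, whose deny entry is shadowed by the preceding permit any; the two listings copied from this page come back clean. Feed it the output of show access-list all from a real device to check every list at once.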

NetIron CES and NetIron CER devices have 8192 CAM entries. The full set of 1000 ingress Layer-2 numbered ACLs consumes 1000 CAM entries, and the same set applied at egress consumes 2000 CAM entries. Configuring the maximum number of Layer-2 ACLs therefore leaves limited CAM space for the other ACL types, such as IP and IPv6 ACLs, so budget CAM across all ACL types before filling the Layer-2 range.

The change can also increase memory use on Brocade MLX series, NetIron XMR, NetIron CES and NetIron CER devices, by between 2.5 MB and 10 MB depending on the system-max l2-acl-table-entries setting:

Brocade(config)#system-max l2-acl-table-entries
DECIMAL    Valid range 64 to 256 (default: 64)

Memory is reserved per Layer-2 ACL at this value. Once it is set to 256 and one Layer-2 ACL is configured with 256 entries, every other Layer-2 ACL also reserves memory for 256 entries, even if it contains a single entry. Raise the setting only as far as the largest Layer-2 ACL actually needs.