
Applying acls to interfaces, Reapplying modified acls, Applying acls to a virtual routing interface – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 143: Named acls: deleting a comment

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Enter deny to deny the specified traffic or permit to allow the specified traffic. Complete the
configuration by specifying options for the standard or extended ACL entry. Options you can use to
configure standard or extended named ACLs are discussed in the section “Configuring standard or
extended named ACLs”.

Named ACLs: deleting a comment

To delete a remark from a named ACL, enter the following commands.

Brocade(config)#ip access-list standard entry

Brocade(config-std-nacl-entry)#no remark Deny traffic from Marketing

Syntax: no remark string

Applying ACLs to interfaces

Configuration examples in the section “Configuring numbered and named ACLs” show that you
apply ACLs to interfaces using the ip access-group command. This section presents additional
information about applying ACLs to interfaces.

Reapplying modified ACLs

If you make an ACL configuration change, you must reapply the ACLs to their interfaces to place the
change into effect.

An ACL configuration change includes any of the following:

Adding, changing, or removing an ACL or an entry in an ACL

Changing ToS-based QoS mappings

To reapply ACLs following an ACL configuration change, enter the following command at the global
CONFIG level of the CLI.

Brocade(config)# ip rebind-acl all

Syntax: [no] ip rebind-acl num | name | all
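
Because a changed ACL does not take effect until it is reapplied, a change review can check that every edit was followed by a rebind. The Python script below is an added example, not part of the Brocade guide: it scans a captured CLI session and reports ACLs changed after their last ip rebind-acl. The function name, the prompt pattern, the constructed sample session, and the choice to ignore remark edits and ToS-based QoS mapping changes are assumptions.

```python
import re

# Assumed prompt shape, e.g. "Brocade(config)#" or "Brocade(config-std-nacl-entry)#".
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")
NAMED = re.compile(r"^(no\s+)?ip access-list (?:standard|extended) (\S+)$")
NUMBERED = re.compile(r"^(?:no\s+)?access-list (\d+)\b")
ENTRY = re.compile(r"^(?:no\s+)?(?:permit|deny)\b")
REBIND = re.compile(r"^ip rebind-acl (\S+)$")

def unbound_acl_changes(session_lines):
    """Return the sorted ACL names/numbers changed since their last rebind."""
    pending = set()
    current = None  # named ACL whose configuration level we are in
    for raw in session_lines:
        cmd = PROMPT.sub("", raw.strip())
        if m := NAMED.match(cmd):
            if m.group(1):  # "no ip access-list ..." removes the whole ACL
                pending.add(m.group(2))
                current = None
            else:
                current = m.group(2)
        elif m := NUMBERED.match(cmd):
            pending.add(m.group(1))
        elif m := REBIND.match(cmd):
            if m.group(1) == "all":
                pending.clear()
            else:
                pending.discard(m.group(1))
        elif cmd in ("exit", "end"):
            current = None
        elif current and ENTRY.match(cmd):
            # Only permit/deny entries count; remark edits are ignored (assumption).
            pending.add(current)
    return sorted(pending)

# Constructed session log, not taken from a real device.
SAMPLE = [
    "Brocade(config)#ip access-list standard entry",
    "Brocade(config-std-nacl-entry)#deny host 10.0.0.5",
    "Brocade(config-std-nacl-entry)#exit",
    "Brocade(config)#ip rebind-acl entry",
    "Brocade(config)#access-list 10 permit any",
    "Brocade(config)#ip access-list standard entry",
    "Brocade(config-std-nacl-entry)#no remark Deny traffic from Marketing",
    "Brocade(config-std-nacl-entry)#permit any",
]

if __name__ == "__main__":
    print("Changed but not rebound:", unbound_acl_changes(SAMPLE))
```
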

Applying ACLs to a virtual routing interface

The virtual interface is used for routing between VLANs and contains all the ports within the VLAN.
If the ACL is for the inbound traffic direction, you also can specify a subset of ports within the VLAN
containing a specified virtual interface when assigning an ACL to that virtual interface. But if the
ACL is for the outbound traffic direction, then it is not possible to specify a subset of ports within
the VLAN on the Brocade MLX Series and NetIron devices.

Use this feature when you do not want the ACLs to apply to all the ports in the virtual interface’s
VLAN or when you want to streamline ACL performance for the VLAN.

To apply an ACL to a subset of ports within a virtual interface, enter commands such as the
following.