
Deletion of acls bound to an interface – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


126

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Applying ACLs to interfaces

3

Brocade(config)# vlan 10 name IP-subnet-vlan
Brocade(config-vlan-10)# untag ethernet 1/1 to 1/20 ethernet 2/1 to 2/12
Brocade(config-vlan-10)# router-interface ve 1
Brocade(config-vlan-10)# exit
Brocade(config)# access-list 1 deny host 10.157.22.26
Brocade(config)# access-list 1 deny 10.157.29.12
Brocade(config)# access-list 1 deny host IPHost1
Brocade(config)# access-list 1 permit any
Brocade(config)# interface ve 1
Brocade(config-vif-1)# ip access-group 1 in ethernet 1/1 ethernet 1/3 ethernet 2/1 to 2/4

The commands in this example configure port-based VLAN 10, add ports 1/1 – 2/12 to the VLAN,
and add virtual routing interface 1 to the VLAN. The commands following the VLAN configuration
commands configure ACL 1. Finally, the last two commands apply ACL 1 to a subset of the ports
associated with virtual interface 1.

Syntax: [no] ip access-group num in [ethernet slot/portnum] [slot/portnum...] to slot/portnum

The ethernet slot/portnum option allows you to limit the ACL to a subset of the ports within the virtual
interface. You can also use the to slot/portnum option to specify a range of ports. A maximum of 4
port ranges is supported.

Deletion of ACLs bound to an interface

To delete an ACL bound to an interface, use the force-delete-bound-acl command.

By default, force-delete-bound-acl is disabled.

Brocade(config)# acl-policy
Brocade(config-acl-policy)# force-delete-bound-acl

The no force-delete-bound-acl command restores the default behavior, in which ACLs bound to an
interface cannot be deleted.

Brocade(config-acl-policy)# no force-delete-bound-acl

Syntax: [no] force-delete-bound-acl

When force-delete-bound-acl is enabled, ACLs that are bound to one or more interfaces can be deleted.
Deleting the ACL does not remove its binding, however: the ACL remains bound to the interface, and on
rebinding it is an empty ACL that has no effect on traffic forwarding. On rebinding, the CAM entries are
reprogrammed accordingly, so no ACL filtering takes place after the ACL is deleted. This command is
available as a sub-command of the acl-policy command. Note that, as with any other ACL modification,
the CAM is reprogrammed only during a rebind. Until the ACL is rebound, the old filters remain in the
CAM and continue to be applied.

NOTE

In the case of subnet broadcast ACL bindings, when an empty ACL is bound to an interface, implicit deny
entries are programmed into the CAM and do affect traffic forwarding.

An example of the command is shown below.

Brocade(config-acl-policy)# force-delete-bound-acl
Brocade(config-acl-policy)# exit
Brocade(config)# show access-list all

ACL configuration:

!
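The following CLI sequence is an added example, not text from the Brocade guide, showing the complete workflow a network administrator would follow after enabling force-delete-bound-acl: delete the bound ACL, define its replacement, rebind so the CAM is reprogrammed, verify, and restore the default. It assumes the VLAN, ACL 1 and the ve 1 binding configured in the earlier example on this page, it assumes the no access-list 1 form for deleting the whole ACL (not shown on this page), and it assumes that "rebinding" means removing and re-applying the binding with the [no] ip access-group syntax shown above. The lines beginning with ! are explanatory comments, not commands.

```text
! Step 1: allow deletion of bound ACLs (acl-policy sub-command from this page).
Brocade(config)# acl-policy
Brocade(config-acl-policy)# force-delete-bound-acl
Brocade(config-acl-policy)# exit

! Step 2: delete ACL 1 while it is still bound to ve 1.
! Assumption: "no access-list 1" removes the whole ACL. The binding on ve 1 remains,
! and until a rebind the old deny entries are still in the CAM and still filter traffic.
Brocade(config)# no access-list 1

! Step 3: define the replacement ACL BEFORE rebinding. Rebinding an empty ACL 1
! would remove all filtering on these ports (subnet broadcast bindings excepted,
! where implicit deny entries are programmed instead).
Brocade(config)# access-list 1 deny host 10.157.22.26
Brocade(config)# access-list 1 permit any

! Step 4: rebind so the CAM is reprogrammed with the new entries.
Brocade(config)# interface ve 1
Brocade(config-vif-1)# no ip access-group 1 in ethernet 1/1 ethernet 1/3 ethernet 2/1 to 2/4
Brocade(config-vif-1)# ip access-group 1 in ethernet 1/1 ethernet 1/3 ethernet 2/1 to 2/4
Brocade(config-vif-1)# exit

! Step 5: confirm what is actually configured and bound.
Brocade(config)# show access-list all

! Step 6: restore the default so bound ACLs cannot be deleted unintentionally.
Brocade(config)# acl-policy
Brocade(config-acl-policy)# no force-delete-bound-acl
Brocade(config-acl-policy)# exit
```

The order of steps 3 and 4 is the point of the example: because the CAM is only reprogrammed on rebind, deleting a bound ACL leaves the old filters active, and rebinding before the replacement exists leaves the ports unfiltered. Checking show access-list all after the rebind, and disabling force-delete-bound-acl afterwards, keeps both states visible and short-lived.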