Enabling acl duplication check – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Multi-Service IronWare Security Configuration Guide
53-1003035-02
mac access-list SampleACL
permit any any 10 etype any
!
Brocade(config)# show access-list bindings
L4 configuration:
!
interface ethe 2/1
mac access-group SampleACL in
!
Brocade(config)#show cam l2acl
SLOT/PORT Interface number
Brocade(config)# sh cam l2acl 2/1
LP Index VLAN Src MAC Dest MAC Port Action PRAM
(Hex) (Hex)
2 0a3800 10 0000.0000.0000 0000.0000.0000 0 Pass 0009c
2 0a3802 0 0000.0000.0000 0000.0000.0000 0 Drop 0009d
Brocade(config)#
Brocade(config)#no mac acc SampleACL
Brocade(config)#sh cam l2acl 2/1
LP Index VLAN Src MAC Dest MAC Port Action PRAM
(Hex) (Hex)
Brocade(config)#show access-list all
ACL configuration:
!
Brocade(config)#show access-list bindings
L4 configuration:
!
!
interface ethe 2/1
mac access-group SampleACL in
!
Brocade(config)#
NOTE
Rebinding of an ACL is explicitly required for IPv4 and IPv6 ACLs.
Enabling ACL duplication check
If desired, you can enable software checking for duplicate ACL entries. To do so, enter the following
command at the Global CONFIG level of the CLI.
Brocade(config)# acl-duplication-check
Brocade(config)# access-list 173 permit ip host 1.1.6.197 198.6.1.0 0.0.0.255
Brocade(config)# access-list 173 permit ip host 1.1.6.197 198.6.1.0 0.0.0.255
Error: Duplicate entry in ACL 173
permit ip host 1.1.6.197 198.6.1.0 0.0.0.255
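The above example generates an error message from the system because access-list 173 already
contains the same entry. To disable the duplication check, enter the no form of the command at the
Global CONFIG level of the CLI. With the check disabled, the duplicate entry is accepted, as the
show output for ACL 173 in the following example shows.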
Brocade(config)# no acl-duplication-check
Brocade(config)#
Brocade(config)# access-list 173 permit ip host 1.1.6.195 198.6.1.0 0.0.0.255
Brocade(config)# access-list 173 permit ip host 1.1.6.195 198.6.1.0 0.0.0.255
Brocade(config)# sh acc 173
Extended IP access list 173
0: permit ip host 1.1.6.195 198.6.1.0 0.0.0.255
1: permit ip host 1.1.6.195 198.6.1.0 0.0.0.255
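
The following is an added example, not part of the Brocade guide or Brocade software: an offline audit that finds duplicate numbered ACL entries in a saved configuration, which is useful when acl-duplication-check was disabled while the entries were typed. It assumes two entries are duplicates when they match after collapsing whitespace and letter case; the device's own comparison logic is not documented on this page, and the sample configuration is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: numbered ACL lines as they might appear in a saved config.
SAMPLE_CONFIG = """\
Brocade(config)# access-list 173 permit ip host 1.1.6.195 198.6.1.0 0.0.0.255
access-list 173 permit ip  host 1.1.6.195 198.6.1.0 0.0.0.255
access-list 173 deny ip any any
access-list 174 permit ip host 1.1.6.195 198.6.1.0 0.0.0.255
!
"""

# Optional CLI prompt, then "access-list <id> <entry>".
# Lines starting with "no", "mac" or "ip" deliberately do not match.
ACL_LINE = re.compile(r"^(?:\S+\(config\)#\s*)?access-list\s+(\S+)\s+(.+?)\s*$", re.I)


def normalize(entry):
    """Assumption: entries are equal when they match after collapsing whitespace and case."""
    return " ".join(entry.lower().split())


def find_duplicate_entries(config_text):
    """Return {acl_id: [(entry, [line numbers]), ...]} for entries seen more than once."""
    seen = defaultdict(lambda: defaultdict(list))
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = ACL_LINE.match(line.strip())
        if m:
            acl_id, entry = m.group(1), normalize(m.group(2))
            seen[acl_id][entry].append(lineno)
    report = {}
    for acl_id, entries in seen.items():
        # The same entry in two different ACLs is not a duplicate; only repeats within one ACL count.
        dups = [(e, nums) for e, nums in entries.items() if len(nums) > 1]
        if dups:
            report[acl_id] = dups
    return report


if __name__ == "__main__":
    for acl_id, dups in find_duplicate_entries(SAMPLE_CONFIG).items():
        for entry, nums in dups:
            print(f"ACL {acl_id}: duplicate entry on lines {nums}: {entry}")
```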