ICMP filtering for extended ACLs, Numbered ACLs, Named ACLs – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Brocade(config)# access-list 100 permit udp 10.1.1.0/24 10.75.34.0/24 priority-mapping 7

The priority-mapping parameter specifies one of the eight possible 802.1p priority values. Possible
values are between 0 and 7.

NOTE

When the priority configured for a physical port and the 802.1p priority of an arriving packet differ,
the higher of the two priorities is used.

ICMP filtering for extended ACLs

Extended IPv4 ACL policies can be created to filter traffic based on its ICMP message type. You can
either enter the description of the message type or enter its type and code IDs. All packets
matching the defined ICMP message type or type number and code number are processed in
hardware.

Numbered ACLs

For example, to deny the echo message type in a numbered, extended ACL, enter commands such
as the following.

Brocade(config)# access-list 109 deny icmp any any echo

or

Brocade(config)# access-list 109 deny icmp any any 8 0

Syntax: [no] access-list num deny | permit [vlan vlan_id] icmp any any icmp-type | type-number code-number

The deny | permit parameter indicates whether packets that match the policy are dropped or
forwarded.

For icmp-type, you can enter either the name of the message type or its type number followed by
its code number. Refer to Table 20 for valid values.

Named ACLs

For example, to deny the administratively-prohibited message type in a named ACL, enter
commands such as the following.

Brocade(config)# ip access-list extended entry

Brocade(config-ext-nacl)# deny ICMP any any administratively-prohibited

or

Brocade(config)# ip access-list extended entry

Brocade(config-ext-nacl)# deny ICMP any any 3 13

Syntax: [no] ip access-list extended acl-name
deny | permit host icmp any any icmp-type | type-number code-number

The extended parameter indicates the ACL entry is an extended ACL.
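The two forms shown in the Numbered ACLs and Named ACLs sections above (a message-type name such as echo, or an explicit type and code pair such as 8 0) describe the same match. The following added example, which is not Brocade's code and not part of this guide, parses both numbered and named extended ACL entries as they would be typed (without the Brocade(config)# prompt), resolves names to type/code numbers, and evaluates whether a given ICMP packet would be permitted or denied. The name table holds only the two mappings given on this page (echo = 8 0, administratively-prohibited = 3 13) plus echo-reply = 0 0 from the IANA registry; Table 20 has many more entries. First-match evaluation and a trailing implicit deny are assumptions of this model, as is the sample configuration, which is constructed.

```python
"""Parse Brocade-style ICMP ACL entries and evaluate which ICMP packets they match.

Added example, not Brocade's own code. Handles only the 'icmp any any <type>'
forms shown on the page, for numbered and named extended ACLs.
"""
import re
from dataclasses import dataclass

# Name -> (type, code). echo and administratively-prohibited are taken from the
# page; echo-reply is the standard IANA value. Extend from Table 20 as needed.
ICMP_TYPES = {
    "echo": (8, 0),
    "echo-reply": (0, 0),
    "administratively-prohibited": (3, 13),
}


@dataclass(frozen=True)
class IcmpRule:
    acl: str          # ACL number (numbered) or name (named)
    action: str       # "deny" or "permit"
    icmp_type: int
    icmp_code: int


ENTRY_RE = re.compile(
    r"^(?:access-list\s+(?P<num>\d+)\s+)?"          # numbered ACL prefix (optional)
    r"(?P<action>deny|permit)\s+icmp\s+any\s+any\s+"
    r"(?P<spec>[a-z-]+|\d+\s+\d+)\s*$",              # name, or "type code"
    re.IGNORECASE,
)


def parse_config(text: str) -> list[IcmpRule]:
    """Parse a config fragment of numbered and named extended ACL ICMP entries."""
    rules = []
    current_named = None   # set by 'ip access-list extended <name>'
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"^ip access-list extended (\S+)$", line, re.IGNORECASE)
        if m:
            current_named = m.group(1)   # following entries belong to this ACL
            continue
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"unsupported or malformed entry: {line!r}")
        acl = m.group("num") or current_named
        if acl is None:
            raise ValueError(f"entry outside any 'ip access-list extended': {line!r}")
        spec = m.group("spec").lower()
        if spec in ICMP_TYPES:
            t, c = ICMP_TYPES[spec]
        elif spec[0].isdigit():
            t, c = (int(x) for x in spec.split())
        else:
            raise ValueError(f"unknown ICMP message type name: {spec!r}")
        if not (0 <= t <= 255 and 0 <= c <= 255):
            raise ValueError(f"ICMP type/code out of range in: {line!r}")
        rules.append(IcmpRule(acl, m.group("action").lower(), t, c))
    return rules


def evaluate(rules, acl, icmp_type, icmp_code):
    """Return 'permit' or 'deny' for one ICMP packet checked against one ACL.

    First matching entry wins; no match ends in 'deny', modelling the implicit
    deny at the end of an ACL (an assumption of this model).
    """
    for r in rules:
        if r.acl == acl and (r.icmp_type, r.icmp_code) == (icmp_type, icmp_code):
            return r.action
    return "deny"


# Constructed sample: the page's two ACLs, with permit entries appended so that
# entry ordering is visible. Numbered and named entries mix, as on a real device.
SAMPLE_CONFIG = """
access-list 109 deny icmp any any echo
access-list 109 permit icmp any any echo-reply
ip access-list extended entry
 deny ICMP any any administratively-prohibited
 permit ICMP any any 8 0
"""

if __name__ == "__main__":
    rules = parse_config(SAMPLE_CONFIG)
    for r in rules:
        print(r)
    print("ACL 109, echo request (8/0):", evaluate(rules, "109", 8, 0))
    print("ACL entry, admin-prohibited (3/13):", evaluate(rules, "entry", 3, 13))
```

Because both spellings of a rule resolve to the same (type, code) pair, the parser makes it easy to diff an intended policy against a running configuration regardless of which form an operator typed; an unknown name raises rather than silently matching nothing.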