Configuration example for ip broadcast acl – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

142

Multi-Service IronWare Security Configuration Guide

53-1003035-02

IP broadcast ACL

3

The no option is used to disable filtering of directed broadcast traffic on an individual interface.

NOTE

IP tunnel interfaces are not supported.

NOTE

Upon dynamically configuring or removing the ip broadcast-zero command, you must manually
rebind the subnet broadcast ACLs.

Configuration example for IP broadcast ACL

Figure 1

illustrates how filtering of IP directed broadcast traffic is enabled on the Router 3

interface. For example, to enable filtering of IP directed broadcast traffic on the Router 3 interface
1/2, you must configure an ACL with source IP address 10.1.1.2 and ACL action permit, and then
bind that ACL to interface 1/2 on Router 3 as the IP broadcast ACL. As a result of enabling the IP
broadcast ACL filter on the Router 3 interface, Router 3 allows the IP broadcast packet from the
source IP address 10.1.1.2 and drops the IP broadcast packet from any other source on port 1/2.

FIGURE 1

Filtering of IP directed broadcast traffic on the Router 3 interface

To configure an IP broadcast ACL on Router 3 interface 1/2, enter the following commands.

Brocade(config)# access-list 1 permit host 10.1.1.2

Brocade(config)# interface ethernet 1/1

Brocade(config-if-e10000-1/1)# enable

Brocade(config-if-e10000-1/1)# ip address 10.1.1.1/24

Brocade(config-if-e10000-1/1)# exit

Brocade(config)# interface ethernet 1/2

Brocade(config-if-e10000-1/2)# enable

Brocade(config-if-e10000-1/2)# ip address 10.1.1.1/24

Brocade(config-if-e10000-1/2)# ip subnet-broadcast-acl 1

Brocade(config-if-e10000-1/2)# ip directed-broadcast

Brocade(config-if-e10000-1/2)# exit

Displaying accounting information for IP broadcast ACL

To display the accounting information for an IP broadcast ACL at the IP interface level, enter the
following command.