
Applying rate limiting on rACL defined traffic – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


53-1003035-02

IP receive ACLs


NOTE

An implicit deny ip any any will be programmed at the end, after all other rACLs. This implicit clause
will always be programmed to drop the matching traffic.

Configuring rACL to apply a defined ACL and establishing the sequence of rACL
commands

To configure rACL to apply ACL number “101” with a sequence number of “15” to all interfaces
within the default VRF for all CPU-bound traffic, enter the following command:

Brocade(config)# ip receive access-list 101 sequence 15

If you are using loopback interfaces for all BGP peering sessions, you can define an ACL that only
permits BGP traffic from a specified source IP address. Where the peer source has an IP address of
10.1.1.1 and the loopback IP address on the device is 10.2.2.2, the access list command is
configured as shown in the following.

Brocade(config)# access-list 106 permit tcp host 10.1.1.1 host 10.2.2.2 eq bgp

The rACL command that implements ACL “106” is configured as shown in the following.

Brocade(config)# ip receive access-list 106 sequence 10

To configure rACL to apply the named ACL “acl_stand1” with a sequence number of “10” to all
interfaces within the default VRF for all CPU-bound traffic, enter the following command:

Brocade(config)# ip receive access-list acl_stand1 sequence 10

Syntax: [no] ip receive access-list {acl-num | acl-name} sequence seq-num

The {acl-num | acl-name} variable identifies the ACL (standard or extended) that you want to apply
to all interfaces within the default VRF for all CPU-bound traffic.

The sequence seq-num option defines the sequence in which the rACL commands will be applied.
The valid range is from 1 through 200. Commands are applied in order of the lowest to highest
sequence numbers. For example, suppose the following rACL commands are entered:

Brocade(config)# ip receive access-list 100 sequence 10

Brocade(config)# ip receive access-list 101 sequence 25

Brocade(config)# ip receive access-list 102 sequence 15

The effective binding of the commands will be in the following order.

ip receive access-list 100 sequence 10

ip receive access-list 102 sequence 15

ip receive access-list 101 sequence 25

Using the [no] option removes the rACL access list defined in the command.
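
The ordering rule above can be checked offline against a list of entered commands. The following Python script is an added example, not part of the Brocade guide or any Brocade tool: it replays ip receive access-list commands, rejects sequence numbers outside 1 through 200, and returns the effective binding order followed by the implicit deny. The function name, the rule that a no command matches on both ACL and sequence number, and the warning raised when two ACLs share a sequence number are assumptions of this example.

```python
import re

# Syntax from the guide: [no] ip receive access-list {acl-num | acl-name} sequence seq-num
RACL_RE = re.compile(
    r"^(?:\S+\(config\)#\s*)?(?P<no>no\s+)?ip\s+receive\s+access-list\s+"
    r"(?P<acl>\S+)\s+sequence\s+(?P<seq>\d+)(?:\s+(?P<opts>.+))?$"
)
SEQ_MIN, SEQ_MAX = 1, 200  # valid range stated in the guide
IMPLICIT_DENY = "deny ip any any (implicit, programmed after all rACLs)"


def effective_racl_order(lines):
    """Replay entered commands; return (effective order, warnings)."""
    bindings = {}  # (acl, seq) -> trailing options, kept verbatim
    warnings = []
    for n, raw in enumerate(lines, 1):
        m = RACL_RE.match(raw.strip())
        if not m:
            continue  # not an rACL command
        acl, seq = m["acl"], int(m["seq"])
        if not SEQ_MIN <= seq <= SEQ_MAX:
            warnings.append(f"line {n}: sequence {seq} is outside {SEQ_MIN}-{SEQ_MAX}")
        elif m["no"]:
            # Assumption: "no" removes the binding with the same ACL and sequence.
            if bindings.pop((acl, seq), None) is None:
                warnings.append(f"line {n}: no binding for ACL {acl} sequence {seq}")
        else:
            if any(s == seq and a != acl for a, s in bindings):
                # Assumption: flag for review; the page does not describe this case.
                warnings.append(f"line {n}: sequence {seq} already used by another ACL")
            bindings[(acl, seq)] = m["opts"] or ""
    ordered = sorted(bindings.items(), key=lambda kv: kv[0][1])  # lowest sequence first
    order = [f"ip receive access-list {a} sequence {s} {o}".rstrip()
             for (a, s), o in ordered]
    return order + [IMPLICIT_DENY], warnings


# The guide's three commands, plus two constructed edge cases (lines 4 and 5).
SAMPLE = [
    "Brocade(config)# ip receive access-list 100 sequence 10",
    "Brocade(config)# ip receive access-list 101 sequence 25",
    "Brocade(config)# ip receive access-list 102 sequence 15",
    "Brocade(config)# ip receive access-list 103 sequence 250",
    "Brocade(config)# no ip receive access-list 101 sequence 25",
]

if __name__ == "__main__":
    order, warnings = effective_racl_order(SAMPLE)
    print("\n".join(order + warnings))
```
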

Applying rate limiting on rACL defined traffic

The rACL feature allows you to apply rate limiting to CPU-bound traffic using the policy-map and
strict-acl options of the ip receive access-list command.

To configure rACL to apply the named ACL “acl_stand1” with a policy-map “m1”, enter the following
command.

Brocade(config)# ip receive access-list acl_stand1 sequence 10 policy-map m1