beautypg.com

Ip receive access-list – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 181

background image

Multi-Service IronWare Security Configuration Guide

163

53-1003035-02

ip receive access-list

3

ip receive access-list

Configures an IPv4 access-control list as an IPv4 receive access-control list (rACL).

The no form of the basic command removes the rACL.

The no form of the command with the policy-map option specified removes both the policy-map
and the strict-acl option: the rACL remains.

The no form of the command with both policy-map and strict-acl options specified, removes the
strict-acl option: the rACL with policy-map remains and traffic matching “deny” clauses starts
passing to the CPU.

Syntax

ip receive access-list {acl-num | acl-name} sequence seq-num [policy-map policy-map-name
[strict-ac l]]

no ip receive access-list {acl-num| acl-name} sequence seq-num [policy-map policy-map-name
[strict-acl]]

Command

Default

By default, traffic matching the “permit” clause in the specified IPv4 ACL is permitted and traffic
matching the “deny” clause in the specified IPv4 ACL is dropped in the hardware.

Parameters

acl-num| acl-name Specifies, in number or name format, the access-control list to apply to all

interfaces within the default VRF, for all CPU-bound traffic.

sequence seq-num Defines the sequence number of the access-control list being applied as a

rACL. IPv4 rACL commands are applied in the order of the lowest to the
highest sequence numbers. The range of values is from 1 through 200.

policy-map policy-map-name

Specifies the name of a policy map. When the policy-map option is specified,
traffic matching the “permit “clause of the specified IPv4 ACL is rate-limited
as defined in the policy map and IPv4 traffic matching the “deny” clause in
the IPv4 ACL is permitted without rate limiting.

strict-acl

Specifies that traffic matching the “permit” clause of the specified IPv4 ACL is
rate-limited as defined in the policy map and IPv4 traffic matching the “deny”
clause in the IPv4 ACL is dropped in the hardware.

Command

Modes

Global configuration mode

Examples

The following example configures the IPv4 ACL “101”as a rACL with the sequence number “15”.

Brocade(config)# ip receive access-list 101 sequence 15

The following example configures the IPv4 ACL “acl_stand1” as an rACL with the sequence number
“10”.

Brocade(config)# ip receive access-list acl_stand1 sequence 10

The following example removes the strict-acl option so that traffic matching “deny” clauses starts
passing to the CPU: the rACL “acl_stand1” with the policy map “m1” remains.

Brocade(config)# no ip receive access-list acl_stand1 sequence 10 policy-map m1

strict-acl

See also other documents in the category Brocade Computer Accessories: