Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
53-1003035-02
Configuring an IPv6 Access Control List
The following example displays show access-list command output for IPv6 ACL “ip6_” when
suppress-acl-seq is OFF.
Brocade(config)# show access-list ip6_
ipv6 access-list ip6_: 11 entries
0: remark unused default comment
1: remark-entry sequence 1 unused comment
5: remark allow only udp traffic from 1::5
5: permit udp host 1::5 any sequence 5
7: remark-entry sequence 7 permit all ipv6 traffic for 1::3
9: remark-entry sequence 9 deny udp traffic for 1::2
9: deny udp host 1::2 any sequence 9
10: remark-entry sequence 10 permit all ipv6 traffic for 1::1
10: permit ipv6 host 1::1 any
12: remark allow only sctp traffic for 1::10
12: permit sctp host 1::10 any sequence 12
15: remark-entry sequence 15 deny all tcp traffic for 1::9
17: remark-entry sequence 17 deny tcp traffic for 1::2
17: deny tcp host 1::2 any sequence 17
23: remark-entry sequence 23 allow rest of the ipv6 traffic for 1::2
23: permit ipv6 host 1::2 any sequence 23
28: remark-entry sequence 28 permit all ipv6 traffic for 1::9
To turn suppress-acl-seq ON and display the show access-list command output again, enter the
following commands.
Brocade(config)# acl-policy
Brocade(config-acl-policy)# suppress-acl-seq
Brocade(config-acl-policy)# exit
Brocade(config)# show access-list ip6_
ipv6 access-list ip6_: 11 entries
0: remark unused default comment
1: remark-entry sequence 1 unused comment
5: remark allow only udp traffic from 1::5
5: permit udp host 1::5 any
7: remark-entry sequence 7 permit all ipv6 traffic for 1::3
9: remark-entry sequence 9 deny udp traffic for 1::2
9: deny udp host 1::2 any
10: remark-entry sequence 10 permit all ipv6 traffic for 1::1
10: permit ipv6 host 1::1 any
12: remark allow only sctp traffic for 1::10
12: permit sctp host 1::10 any
15: remark-entry sequence 15 deny all tcp traffic for 1::9
17: remark-entry sequence 17 deny tcp traffic for 1::2
17: deny tcp host 1::2 any
23: remark-entry sequence 23 allow rest of the ipv6 traffic for 1::2
23: permit ipv6 host 1::2 any
28: remark-entry sequence 28 permit all ipv6 traffic for 1::9
Because suppress-acl-seq is ON, the system hides the user-configured sequence numbers for ACL
filters.
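Added example (not from the Brocade guide): when ACL snapshots are compared for drift, a capture taken with suppress-acl-seq ON differs textually from one taken with it OFF even though the filters are identical. The sketch below assumes the leading index stays in both states, as in the two outputs above; the function names are hypothetical, and it also lists remarks that have no filter at the same index.

```python
import re

# Lines abbreviated from the two outputs above (suppress-acl-seq OFF, then ON).
SEQ_OFF = """\
ipv6 access-list ip6_: 11 entries
5: remark allow only udp traffic from 1::5
5: permit udp host 1::5 any sequence 5
9: remark-entry sequence 9 deny udp traffic for 1::2
9: deny udp host 1::2 any sequence 9
10: permit ipv6 host 1::1 any
15: remark-entry sequence 15 deny all tcp traffic for 1::9
"""
SEQ_ON = """\
ipv6 access-list ip6_: 11 entries
5: remark allow only udp traffic from 1::5
5: permit udp host 1::5 any
9: remark-entry sequence 9 deny udp traffic for 1::2
9: deny udp host 1::2 any
10: permit ipv6 host 1::1 any
15: remark-entry sequence 15 deny all tcp traffic for 1::9
"""

ENTRY = re.compile(r"^(\d+):\s+(.*)$")          # "<index>: <body>"
SEQ_SUFFIX = re.compile(r"\s+sequence\s+\d+$")  # shown only when suppress is OFF

def parse_acl(text):
    """Return (filters, remarks), each a dict keyed by the leading index."""
    filters, remarks = {}, {}
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header line: "ipv6 access-list <name>: N entries"
        idx, body = int(m.group(1)), m.group(2).strip()
        if body.startswith(("remark ", "remark-entry ")):
            remarks[idx] = body
        else:
            filters[idx] = SEQ_SUFFIX.sub("", body)  # normalise display state
    return filters, remarks

def same_policy(a, b):
    """True when two captures hold the same filters at the same indexes."""
    return parse_acl(a)[0] == parse_acl(b)[0]

def orphan_remarks(text):
    """Indexes that carry a remark but no permit/deny filter."""
    filters, remarks = parse_acl(text)
    return sorted(i for i in remarks if i not in filters)
```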
The following examples show how the suppress-acl-seq state affects the display of remark-entry
configuration statements. When suppress-acl-seq is OFF, the running-config for IPv6 ACL “ip6_” is:
ipv6 access-list ip6_
remark-entry sequence 1 unused comment
remark allow only udp traffic from 1::5
permit udp host 1::5 any sequence 5