ACL syntax – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
53-1003035-02
Extended IPv6 ACLs
• The following actions are available for the ingress ACL:
  - Permit
  - Deny
  - Copy-sflow
  - Drop-precedence
  - Drop-precedence-force
  - Priority-force
  - Mirror
The following actions are available for the egress ACL:
• Permit
• Deny
Unsupported features for Brocade NetIron CES and Brocade NetIron CER devices
The following features are not supported on the Brocade NetIron CES and Brocade NetIron CER devices:
• ACL deny logging is not supported.
• The acl-outbound exclude-switched-traffic command to exclude switched traffic from outbound ACL filtering is not supported.
• The acl-frag-conservative command to change the operation of ACLs on fragmented packets is not supported.
• The suppress-rpf-drop command to suppress RPF packet drops for a specific set of packets using inbound ACLs is not supported.
• For all NetIron devices, if a port has an IPv4 or IPv6 ACL applied, you must remove the ACL bindings before adding that port to a VLAN that has a VE interface.
NOTE
For all NetIron devices running any version earlier than 5.5, you must remove the ACL bindings before adding a port to any VLAN, and then re-apply the ACL bindings after the VLAN is configured on the port.
ACL syntax
The command syntax for the IPv6 ACLs is as follows.
Syntax: [no] ipv6 access-list acl name
Syntax: permit | deny protocol
    ipv6-source-prefix/prefix-length | any | host source-ipv6_address
    ipv6-destination-prefix/prefix-length | any | host ipv6-destination-address
    [ipv6-operator [value]]
    [copy-sflow] | [drop-precedence dp-value] | [drop-precedence-force dp-value] |
    [dscp-marking number] | [dscp dscp-value] | [mirror] | [priority-force number] |
    [sequence num]
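The following Python check is an added example, not part of the Brocade guide: it reads ACL entries written in the syntax above and flags action keywords that the page lists only for ingress ACLs when the ACL is meant to be applied outbound, plus the commands listed as unsupported on CES/CER. Which ACLs are bound outbound is supplied by the caller (an assumption of this script), and the sample configuration is constructed.

```python
import re

# Action keywords the page lists for ingress ACLs but not for egress ACLs.
INGRESS_ONLY = {"copy-sflow", "drop-precedence", "drop-precedence-force",
                "priority-force", "mirror"}
# Commands the page lists as unsupported on NetIron CES and CER devices.
CES_CER_UNSUPPORTED = ("acl-outbound exclude-switched-traffic",
                       "acl-frag-conservative", "suppress-rpf-drop")

def lint_ipv6_acls(config, egress_acls=(), ces_cer=False):
    """Return (line_no, acl_name, message); egress_acls is caller-supplied."""
    findings, acl = [], None
    for no, raw in enumerate(config.splitlines(), 1):
        tokens = raw.split()
        if not tokens:
            continue
        line = " ".join(tokens)
        header = re.fullmatch(r"ipv6 access-list (\S+)", line)
        if header:
            acl = header.group(1)            # entries below belong to this ACL
        elif tokens[0] in ("permit", "deny"):
            if acl in egress_acls:
                for kw in tokens[1:]:
                    if kw in INGRESS_ONLY:
                        findings.append(
                            (no, acl, f"'{kw}' is not listed as an egress ACL action"))
        else:
            acl = None                       # left the ACL definition
        if ces_cer:
            for cmd in CES_CER_UNSUPPORTED:
                if cmd in line:
                    findings.append((no, acl, f"'{cmd}' is not supported on CES/CER"))
    return findings

# Constructed sample configuration (names, prefixes and values are illustrative).
SAMPLE = """\
ipv6 access-list edge-v6-out
 permit tcp 2001:db8:10::/64 any mirror
 deny udp any host 2001:db8:20::5 copy-sflow
 permit ipv6 any any
ipv6 access-list edge-v6-in
 permit tcp any 2001:db8:10::/64 priority-force 3
acl-frag-conservative
"""

if __name__ == "__main__":
    for finding in lint_ipv6_acls(SAMPLE, egress_acls={"edge-v6-out"}, ces_cer=True):
        print(finding)
```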