Adding a comment to an ipv6 acl entry – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Adding a comment to an IPv6 ACL entry

You can optionally add a comment to describe entries in an IPv6 ACL. The comment appears in the
output of show commands that display ACL information.

You can add a comment by entering the remark command immediately preceding an ACL entry, or
by specifying the ACL entry to which the comment applies.

For example, to enter comments preceding an ACL entry, enter commands such as the
following.

In the following example, remarks are entered immediately preceding ACL entries that specify
sequence numbers.

Brocade(config)# ipv6 access-list ipv6_acl

Brocade(config-ipv6-access-list-ipv6_acl)# remark test-entry

Brocade(config-ipv6-access-list-ipv6_acl)# deny sctp any any sequence 1

Brocade(config-ipv6-access-list-ipv6_acl)# remark-entry sequence 5 test_acl

Brocade(config-ipv6-access-list-ipv6_acl)# permit esp 2::/64 any sequence 5

Brocade(config-ipv6-access-list-ipv6_acl)# remark test_remark

Brocade(config-ipv6-access-list-ipv6_acl)# deny ipv6 any any sequence 23

Syntax: [no] remark comment-text

The comment-text can be up to 256 characters in length.

The remark command provisions a default comment. Only one default comment is maintained; it is
overwritten by any subsequent remark command. The default remark is associated with the next
provisioned filter as follows:

- If the immediately following filter is provisioned without a sequence number, the system
  assigns a default sequence number:
  - If a remark for this system-assigned sequence number already exists, the filter is
    associated with that remark and the default remark remains unused.
  - If a remark for this system-assigned sequence number does not exist, the default
    remark is associated with the filter.
- If the immediately following filter is provisioned with a sequence number:
  - If a remark for this sequence number already exists, the filter is associated with
    that remark and the default remark remains unused.
  - If a remark for this sequence number does not exist, the default remark is
    associated with the filter.
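
The association rules above, modeled as an added Python example for auditing which comment ends up on which filter (not Brocade code and not part of the original guide). Assumptions: the `SEQ_STEP` used for system-assigned sequence numbers, and that a default remark is cleared once used while an unused one stays pending.

```python
import re

SEQ_STEP = 10  # assumption: step for system-assigned numbers (not stated on the page)

# First example from the page, prompts removed.
PAGE_EXAMPLE = [
    "remark test-entry",
    "deny sctp any any sequence 1",
    "remark-entry sequence 5 test_acl",
    "permit esp 2::/64 any sequence 5",
    "remark test_remark",
    "deny ipv6 any any sequence 23",
]
# Constructed input: an overwritten default remark and an unsequenced filter
# whose assigned number already has a remark.
CONSTRUCTED = [
    "remark first",
    "remark second",
    "remark-entry sequence 10 pinned",
    "permit ipv6 host 3000::2 any",
    "deny udp any any",
    "deny ipv6 any any",
]

def associate_remarks(lines):
    """Return ({sequence: (remark or None, filter)}, leftover default remark)."""
    entry_remarks, filters, default = {}, {}, None
    for line in map(str.strip, lines):
        m = re.match(r"remark-entry sequence (\d+) (.+)", line)
        if m:
            entry_remarks[int(m.group(1))] = m.group(2)
        elif line.startswith("remark "):
            default = line[len("remark "):]  # overwrites any earlier default
        elif line.startswith(("permit ", "deny ")):
            m = re.search(r"\s+sequence (\d+)$", line)
            if m:
                seq, text = int(m.group(1)), line[:m.start()]
            else:  # assumption: system assigns highest sequence + SEQ_STEP
                seq, text = max(filters, default=0) + SEQ_STEP, line
            if seq in entry_remarks:
                remark = entry_remarks[seq]  # default remark remains unused
            else:
                remark, default = default, None  # assumption: consumed once used
            filters[seq] = (remark, text)
    return filters, default

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_EXAMPLE), ("constructed", CONSTRUCTED)):
        print(name, associate_remarks(cfg))
```

A filter that comes back with a remark of `None` has no comment attached, which is worth flagging when ACL entries are expected to be documented.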

Brocade(config)# ipv6 access-list rtr

Brocade(config-ipv6-access-list rtr)# remark This entry permits ipv6 packets from 3002::2 to any destination

Brocade(config-ipv6-access-list rtr)# permit ipv6 host 3000::2 any

Brocade(config-ipv6-access-list rtr)# remark This entry denies udp packets from any source to any destination

Brocade(config-ipv6-access-list rtr)# deny udp any any

Brocade(config-ipv6-access-list rtr)# remark This entry denies IPv6 packets from any source to any destination

Brocade(config-ipv6-access-list rtr)# deny ipv6 any any

Brocade(config-ipv6-access-list rtr)# write memory