beautypg.com

Creating a policy-map, Applying an ipv6 racl, Rebinding an ipv6 racl definition or policy-map – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide

53-1003035-02

IPv6 receive ACLs


Creating a policy-map
To create a policy map “m1” to rate-limit traffic:

Brocade(config)# policy-map m1

Brocade(config-policymap m1)# cir 1000000 cbs 2000000

Brocade(config-policymap m1)# exit

Applying an IPv6 rACL
To configure IPv6 rACL to apply IPv6 access-list “b1” with a sequence number “15” to all interfaces
within the default VRF for all CPU-bound traffic, enter the following command:

Brocade(config)# ipv6 receive access-list b1 sequence 15

To configure IPv6 rACL to apply IPv6 access-list “b1” with a sequence number “15” with a
policy-map “m1”, enter the following command:

Brocade(config)# ipv6 receive access-list b1 sequence 15 policy-map m1

To configure IPv6 rACL to apply IPv6 access-list “b1” with a sequence number “15” and a
policy-map “m1” with strict-acl, enter the following command:

Brocade(config)# ipv6 receive access-list b1 sequence 15 policy-map m1 strict-acl

Syntax: [no] ipv6 receive access-list acl-name sequence seq-num [policy-map policy-map-name [strict-acl]]

The acl-name variable specifies the name of the access-control list to apply to all interfaces within
the default VRF, for all CPU-bound traffic. The maximum length is 256 characters.

The sequence seq-num variable specifies the sequence number of the access-control list being
applied as a rACL. IPv6 rACL commands are applied in the order of the lowest to the highest
sequence numbers. The range of values is from 1 through 50.

The policy-map policy-map-name variable specifies the name of a policy map. When the policy-map
option is specified, traffic matching the “permit” clause of the specified IPv6 ACL is rate-limited as
defined in the policy map and IPv6 traffic matching the “deny” clause in the IPv6 ACL is permitted
without any rate limiting.

The strict-acl parameter specifies that traffic matching the “permit” clause of the specified IPv6 ACL
is rate-limited as defined in the policy map and IPv6 traffic matching the “deny” clause in the IPv6
ACL is dropped in the hardware.
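
The following added example (not from the Brocade guide) audits `ipv6 receive access-list` lines from a saved configuration against the syntax, value ranges and "deny" handling described in this section. The sample configuration, the ACL names `mgmt6` and `bgp6`, and the function names are constructed for illustration.

```python
import re

# Grammar taken from the Syntax line in this section:
#   [no] ipv6 receive access-list acl-name sequence seq-num
#       [policy-map policy-map-name [strict-acl]]
RACL_RE = re.compile(
    r"^\s*ipv6 receive access-list (?P<acl>\S+) sequence (?P<seq>\d+)"
    r"(?: policy-map (?P<pmap>\S+)(?P<strict> strict-acl)?)?\s*$"
)

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
ipv6 receive access-list b1 sequence 15 policy-map m1
ipv6 receive access-list mgmt6 sequence 5 policy-map m1 strict-acl
ipv6 receive access-list bgp6 sequence 60
"""

def deny_action(pmap, strict):
    """Fate of CPU-bound IPv6 traffic that matches a "deny" clause."""
    if pmap is None:
        return "not covered by the policy-map text"
    return "dropped in hardware" if strict else "permitted, not rate-limited"

def audit_racl(config_text):
    """Return (bindings in evaluation order, list of findings)."""
    bindings, findings = [], []
    for line in config_text.splitlines():
        m = RACL_RE.match(line)
        if m is None:  # unrelated lines and "no ..." removals are skipped
            continue
        acl, seq = m["acl"], int(m["seq"])
        pmap, strict = m["pmap"], m["strict"] is not None
        if not 1 <= seq <= 50:
            findings.append(f"{acl}: sequence {seq} outside 1-50")
        if len(acl) > 256:
            findings.append(f"{acl[:16]}...: ACL name longer than 256 characters")
        if pmap and not strict:
            findings.append(f"{acl} seq {seq}: deny-matched traffic is permitted "
                            "without rate limiting (no strict-acl)")
        bindings.append((seq, acl, pmap, deny_action(pmap, strict)))
    # rACLs are applied from the lowest to the highest sequence number.
    return sorted(bindings, key=lambda b: b[0]), findings

if __name__ == "__main__":
    ordered, problems = audit_racl(SAMPLE_CONFIG)
    for seq, acl, pmap, deny in ordered:
        print(f"{seq:>2} {acl:<8} policy-map={pmap} deny -> {deny}")
    for p in problems:
        print("FINDING:", p)
```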

Rebinding an IPv6 rACL definition or policy-map

When access list rules are modified or a policy map associated with a rACL is changed, an explicit
rebind must be performed to propagate the changes to the interfaces. To rebind an IPv6
access-control list, enter the following command:

Brocade(config)# ipv6 receive rebind-acl-all

Syntax: ipv6 receive rebind-acl-all

Displaying access-list binding information

To display all IPv6 access-lists (both rule-based and rACL) that are bound to different interfaces,
enter the following command: