ACL Editing and Sequence Numbers, Background, Layer-2 and IPv4 ACLs – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Multi-Service IronWare Administration Configuration Guide
53-1003035-02
Appendix A
ACL Editing and Sequence Numbers
This appendix presents functional information about the ACL editing feature introduced in
Multi-Service IronWare R05.6.00 and detailed in Chapter 2, “Layer 2 Access Control Lists”, and
Chapter 4, “Configuring an IPv6 Access Control List”.
Background
Prior to Multi-Service IronWare R05.6.00, the limitations described below applied when adding new
entries to an existing ACL table.
Layer-2 and IPv4 ACLs
• New filters were always appended at the end of the ACL table.
• You could not insert new filters at a desired position in the ACL table.
For example, where the show access-list command indicated that the “v4_acl” ACL had the
following entries:
Brocade(config)# show access-list name v4_acl
permit 1.1.1.1 0.0.0.0
permit 2.2.2.2 0.0.0.0
deny any
If you wished to insert a new entry, it would be added to the end of the table. The following example
adds a new entry “permit 3.3.3.3/32” and then displays the access list:
Brocade(config)# ip access-list standard v4_acl
Brocade(config-std-nacl-v4_acl)# permit 3.3.3.3/32
Brocade(config-std-nacl-v4_acl)# exit
Brocade(config)# show access-list name v4_acl
permit 1.1.1.1 0.0.0.0
permit 2.2.2.2 0.0.0.0
deny any
permit 3.3.3.3 0.0.0.0
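The following is an added example, not part of the Brocade manual: a small Python model that parses the show access-list output above and reports entries that can never match because an earlier entry already covers them. It assumes entries are evaluated top-down with the first match deciding, and that a packet matching no entry is denied; the function names and the reordered listing are constructed for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF

def parse_acl(text):
    """Parse 'permit A.B.C.D W.X.Y.Z' / 'deny any' lines into (action, addr, wildcard)."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("permit", "deny"):
            continue  # skip CLI prompts and blank lines
        if parts[1] == "any":
            entries.append((parts[0], 0, FULL))
        else:
            wild = int(ipaddress.IPv4Address(parts[2])) if len(parts) > 2 else 0
            entries.append((parts[0], int(ipaddress.IPv4Address(parts[1])), wild))
    return entries

def evaluate(entries, ip):
    """Return the action of the first entry matching ip (assumed first-match model)."""
    ip = int(ipaddress.IPv4Address(ip))
    for action, addr, wild in entries:
        care = ~wild & FULL  # bits that must match; wildcard bits are ignored
        if (ip & care) == (addr & care):
            return action
    return "deny"  # assumption of this example: no match means deny

def shadowed(entries):
    """Indexes of entries fully covered by an earlier entry, so they never match."""
    hits = []
    for j, (_, a2, w2) in enumerate(entries):
        for _, a1, w1 in entries[:j]:
            care1 = ~w1 & FULL
            if (w2 & care1) == 0 and (a1 & care1) == (a2 & care1):
                hits.append(j)
                break
    return hits

# Listing from the page after the new entry was appended.
APPENDED = parse_acl("""Brocade(config)# show access-list name v4_acl
permit 1.1.1.1 0.0.0.0
permit 2.2.2.2 0.0.0.0
deny any
permit 3.3.3.3 0.0.0.0""")
# Constructed: the same entries with the new permit ahead of "deny any".
REORDERED = parse_acl("""permit 1.1.1.1 0.0.0.0
permit 2.2.2.2 0.0.0.0
permit 3.3.3.3 0.0.0.0
deny any""")

if __name__ == "__main__":
    for name, acl in (("appended", APPENDED), ("reordered", REORDERED)):
        print(name, evaluate(acl, "3.3.3.3"), shadowed(acl))
```

Running the same check on a saved show access-list capture before and after an ACL change flags any rule that landed behind a broader one.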
To insert the “permit 3.3.3.3 0.0.0.0” rule prior to the “deny any” rule, you had to delete and re-add
the “deny any” rule as follows:
Brocade(config)# ip access-list standard v4_acl
Brocade(config-std-nacl-v4_acl)# no deny any
Brocade(config-std-nacl-v4_acl)# permit 3.3.3.3/32
Brocade(config-std-nacl-v4_acl)# deny any
Brocade(config-std-nacl-v4_acl)# exit
Brocade(config)# show access-list name v4_acl