beautypg.com

Ipv6 acls, Sequence numbers – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 366

background image

348

Multi-Service IronWare Administration Configuration Guide

53-1003035-02

Sequence Numbers

A

permit 1.1.1.1 0.0.0.0

permit 2.2.2.2 0.0.0.0

permit 3.3.3.3 0.0.0.0

deny any

This method might work for small ACLs, but was impractical for ACLs containing many entries.

IPv6 ACLs

You could specify a sequence number to insert a new filter at a desired position in the ACL
table.

However, you could not insert a new filter between filters having adjacent sequence numbers.

For example, where the show ipv6 access-list command indicated that the “v6_acl” ACL had the
following entries:

Brocade(config)# show ipv6 access-list v6_acl

10: permit ipv6 1::1/128 any

20: permit ipv6 2::2/128 any

30: deny ipv6 any any

You could add a new entry and position it prior to the last entry by specifying an appropriate
sequence number. In the following example, the sequence number is specified as “21”.

Brocade(config)# ipv6 access-list v6_acl

Brocade(config-ipv6-access-list v6_acl)# permit ipv6 4::4/128 any sequence 21

Brocade(config-ipv6-access-list v6_acl)# exit

Brocade(config)# show ipv6 access-list v6_acl

10: permit ipv6 1::1/128 any

20: permit ipv6 2::2/128 any

21: permit ipv6 4::4/128 any sequence 21

30: deny ipv6 any any

However, it was not possible to insert a new entry between the consecutive sequence numbers
“20” and “21”.

Sequence Numbers

The ACL editing feature enhances the ACL functionality for filtering traffic with sequence numbers
that enable users to insert, modify or delete rules at any position in the ACL table, without having to
remove and reapply the entire ACL.

ACL editing introduces a:

Layer-2 and IPv4 ACLs

Sequencing capability: you can specify a sequence number in the ACL filter command and
insert a new filter in a desired position in the ACL table.

Layer-2, IPv4 ACLs and IPv6 ACLs

Re-sequencing capability: you can regenerate the ACL table to create space between filters
with consecutive sequence numbers.

Facility for deleting ACL entries by specifying the entry sequence number alone.

See also other documents in the category Brocade Computer Accessories: