Internal and user specified, Displaying acl entry sequence numbers, Creating an acl filter – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Multi-Service IronWare Administration Configuration Guide
53-1003035-02
Internal and User Specified
With the ACL editing feature, a sequence number is assigned to each ACL entry, and ACL rules are
applied in order from the lowest to the highest sequence number. Sequence numbers are either
assigned by the system or specified by the user.
The optional sequence parameter in the ACL filter command allows you to specify a sequence
number for a new ACL entry and to thereby insert the filter at a desired position in an ACL table. The
valid sequence number range is 1 through 214748364.
If you do not specify a sequence number when configuring a new filter, an internal sequence
number is assigned. The sequence number “10” is assigned to the first filter in a table, and each
subsequent filter is assigned the sequence number of the last ACL filter plus 10. Therefore, by
default, new filters are added to the end of the ACL table.
Displaying ACL entry sequence numbers
The output from show access-list commands displays ACL entry sequence numbers. In the
following example, the internal sequence number assigned to each filter is displayed to the left of
the rule detail. In the third filter, “sequence 21” is displayed immediately after the internal
sequence number: this indicates that the sequence number is user-specified.
#show access-list name v4_acl
10: permit 1.1.1.1 0.0.0.0
20: permit 2.2.2.2 0.0.0.0
21: sequence 21 permit 3.3.3.3 0.0.0.0
30: deny any
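The numbering and ordering rules above, modelled in Python as an added example (not Brocade code and not part of the original guide). The AclTable class and build helper are hypothetical names; first-match evaluation with an implicit deny, and rejection of a sequence number that is already in use, are assumptions of the example.

```python
import ipaddress

MAX_SEQ = 214748364  # upper bound of the valid range as stated in this guide
STEP = 10            # first filter gets 10; later ones get last sequence + 10

class AclTable:
    """Hypothetical model of a standard IPv4 ACL table (not Brocade code)."""
    def __init__(self):
        self.entries = {}  # sequence -> (action, network or None for "any", user_specified)

    def add(self, action, source="any", sequence=None):
        user = sequence is not None
        if not user:
            sequence = max(self.entries, default=0) + STEP
        if not 1 <= sequence <= MAX_SEQ:
            raise ValueError("sequence number out of range")
        if sequence in self.entries:  # assumption: a number already in use is rejected
            raise ValueError("sequence number already in use")
        net = None if source == "any" else ipaddress.ip_network(source)
        self.entries[sequence] = (action, net, user)
        return sequence

    def show(self):
        """Render entries lowest to highest, in the show access-list layout."""
        lines = []
        for seq in sorted(self.entries):
            action, net, user = self.entries[seq]
            rule = "any" if net is None else f"{net.network_address} {net.hostmask}"
            tag = f"sequence {seq} " if user else ""
            lines.append(f"{seq}: {tag}{action} {rule}")
        return lines

    def evaluate(self, address):
        """First matching filter wins (assumed); implicit deny if none match (assumed)."""
        ip = ipaddress.ip_address(address)
        for seq in sorted(self.entries):
            action, net, _ = self.entries[seq]
            if net is None or ip in net:
                return seq, action
        return None, "deny"

def build(insert_sequence=None):
    # Constructed sample: the v4_acl table from this guide, plus the 3.3.3.3 filter.
    acl = AclTable()
    for src in ("1.1.1.1/32", "2.2.2.2/32"):
        acl.add("permit", src)
    acl.add("deny")
    acl.add("permit", "3.3.3.3/32", sequence=insert_sequence)
    return acl
```

With build(), the 3.3.3.3 filter is numbered 40 and sits after "deny any" at 30, so under first-match evaluation it never takes effect. With build(21), it is placed ahead of the deny and show() reproduces the output above.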
Creating an ACL filter
The following example configures a standard IPv4 ACL table “v4_acl” with three filter rules.
Brocade(config)# ip access-list standard v4_acl
Brocade(config-std-nacl-v4_acl)# permit 1.1.1.1/32
Brocade(config-std-nacl-v4_acl)# permit 2.2.2.2/32
Brocade(config-std-nacl-v4_acl)# deny any
Because sequence numbers are not specified in this example, the system generates a sequence
number for each entry. The output from the show access-list command is as follows:
Brocade(config)# show access-list name v4_acl
10: permit 1.1.1.1 0.0.0.0
20: permit 2.2.2.2 0.0.0.0
30: deny any
To insert a new filter between the second and third entries in the “v4_acl” ACL table, you must
specify a sequence number for the new entry that places it in this position in the table. The
following example configures a new filter with the sequence number “21”.
Brocade(config)# ip access-list standard v4_acl
Brocade(config-std-nacl-v4_acl)# sequence 21 permit 3.3.3.3/32
The new filter is now placed in the desired position within the “v4_acl” ACL table. The output from
the show access-list command is as follows: