Re-generating acl sequence numbers – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Administration Configuration Guide

53-1003035-02

Brocade(config)#show access-list name v4_acl

10: permit 1.1.1.1 0.0.0.0

20: permit 2.2.2.2 0.0.0.0

21: sequence 21 permit 3.3.3.3 0.0.0.0

30: deny any

Re-generating ACL sequence numbers

You can create space between the sequence numbers of adjacent filters by regenerating the sequence
numbers for ACL table entries. This allows new ACL entries to be inserted between ACL entries that
previously had consecutive sequence numbers.

The regenerate-seq-num command regenerates the sequence numbers of filters in the ACL table
without disturbing the order of the original filters. By default, re-sequencing uses 10 as
the sequence number of the first filter. Regenerated sequence numbers for the remaining filters in the
table are spaced in steps of 10.

The regenerate-seq-num command has an optional parameter that allows you to specify a
sequence number for the first filter in the regenerated ACL table. The valid sequence number range
is 1 through 214748364.

In the following example, the show ipv6 access-list command displays the entries in the IPv6 ACL
table “v6_acl”.

Brocade(config)# show ipv6 access-list v6_acl

10: permit ipv6 1::1/128 any

20: permit ipv6 2::2/128 any

21: permit ipv6 4::4/128 any sequence 21

30: deny ipv6 any any

The second entry has the sequence number “20”, while the third entry is numbered “21”. To insert
a new filter after the second entry, you need to create space between the second and third entries.
Use the following command to re-generate the ACL table sequence numbers.

Brocade(config)# ipv6 access-list v6_acl

Brocade(config-ipv6-access-list v6_acl)# regenerate-seq-num

The output from the show ipv6 access-list command is now:

Brocade#show ipv6 access-list v6_acl

10: permit ipv6 1::1/128 any

20: permit ipv6 2::2/128 any

30: permit ipv6 4::4/128 any sequence 30

40: deny ipv6 any any

You can now insert the new filter in the desired position. For example, you can specify a sequence
number of “25” for the new entry,
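The following Python sketch is an added example, not part of the Brocade guide. It parses the two show ipv6 access-list listings above (embedded as constructed sample input), models the documented default re-sequencing, and checks that filter order is unchanged and that a slot such as 25 is now free. The function names are hypothetical.

```python
import re

# Constructed sample input: the two `show ipv6 access-list v6_acl` listings above.
BEFORE = """\
10: permit ipv6 1::1/128 any
20: permit ipv6 2::2/128 any
21: permit ipv6 4::4/128 any sequence 21
30: deny ipv6 any any
"""
AFTER = """\
10: permit ipv6 1::1/128 any
20: permit ipv6 2::2/128 any
30: permit ipv6 4::4/128 any sequence 30
40: deny ipv6 any any
"""

ENTRY = re.compile(r"^\s*(\d+):\s*(.+?)\s*$")
SEQ_KW = re.compile(r"\bsequence \d+\b")  # keyword echoed in the listing
MAX_START = 214748364                     # upper bound stated in the guide

def parse_acl(text):
    """Return [(seq, rule)] in display order, with the echoed 'sequence N' removed."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            rule = " ".join(SEQ_KW.sub("", m.group(2)).split())
            entries.append((int(m.group(1)), rule))
    return entries

def regenerate(entries, start=10):
    """Model the documented result: same filter order, first = start, steps of 10."""
    if not 1 <= start <= MAX_START:
        raise ValueError("start sequence number outside the documented range")
    return [(start + 10 * i, rule) for i, (_, rule) in enumerate(entries)]

def order_preserved(before, after):
    """The rule lists, ignoring sequence numbers, must be identical and in the same order."""
    return [r for _, r in before] == [r for _, r in after]

def gap_after(entries, seq):
    """Count free sequence numbers between entry `seq` and the next entry."""
    seqs = sorted(s for s, _ in entries)
    nxt = seqs[seqs.index(seq) + 1]  # raises if `seq` is absent or is the last entry
    return nxt - seq - 1

if __name__ == "__main__":
    before, after = parse_acl(BEFORE), parse_acl(AFTER)
    print("order preserved:", order_preserved(before, after))
    print("model matches device output:", regenerate(before) == after)
    print("free slots after 20:", gap_after(before, 20), "->", gap_after(after, 20))
```

Running the same comparison on listings captured before and after a real re-sequencing gives a quick change-control check that only the numbers moved.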

Deleting ACL entries using the entry sequence number

ACL entries can be deleted by specifying the sequence number only. In the following example, a
filter rule is deleted by specifying its sequence number.