Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

53-1003035-02

Chapter 3

Access Control List

How the Brocade device processes ACLs ..... 95

General configuration guidelines ..... 95
Configuration considerations for dual inbound ACLs on Brocade NetIron CES and Brocade NetIron CER devices ..... 96
Configuration considerations for IPv4 outbound ACLs on VPLS, VLL, and VLL-Local endpoints ..... 96

Disabling outbound ACLs for switching traffic ..... 97

Globally enabling outbound ACLs for switching traffic ..... 97
Enabling outbound ACLs for switching traffic per port ..... 98

Default ACL action ..... 98

Types of IP ACLs ..... 99

ACL IDs and entries ..... 99

Enabling support for additional ACL statements ..... 99
ACL editing and sequence numbers ..... 100

Configuring numbered and named ACLs ..... 101

Configuring standard numbered ACLs ..... 101
Configuring extended numbered ACLs ..... 105
Configuring standard or extended named ACLs ..... 115
Displaying ACL definitions ..... 118
Adding 1000 Layer-2 numbered ACL ..... 119
VLAN Accounting ..... 120

Simultaneous per VLAN rate limit and QoS ..... 120

Modifying ACLs ..... 121

Adding or deleting a comment ..... 123

Applying ACLs to interfaces ..... 125

Reapplying modified ACLs ..... 125
Applying ACLs to a virtual routing interface ..... 125
Deletion of ACLs bound to an interface ..... 126

Enabling ACL duplication check ..... 127

Enabling ACL conflict check ..... 128

Enabling ACL filtering of fragmented or non-fragmented packets ..... 128

Configuring the conservative ACL fragment mode ..... 129

ACL filtering for traffic switched within a virtual routing interface ..... 135

Filtering and priority manipulation based on 802.1p priority ..... 135

Example using the priority option (IPv4) ..... 136
Example using the priority force option ..... 136
Example using the priority mapping option ..... 136

ICMP filtering for extended ACLs ..... 137

Binding IPv4 inbound ACLs to a management port ..... 139