
Re-sequencing a numbered layer-2 acl table – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide

53-1003035-02

Creating a numbered Layer-2 ACL table


In the above example, the first ACL entry is assigned the default sequence number “10”; the second
entry has the user-defined sequence number “12”; the third entry is assigned sequence number “20”
(the smallest number divisible by 10 that is greater than 12); the fourth entry is assigned sequence
number “30” (the smallest number divisible by 10 that is greater than 20); the fifth entry has the
user-defined sequence number “37”; the sixth entry is assigned sequence number “40” (the smallest
number divisible by 10 that is greater than 37); and so on.

The following example creates a numbered Layer-2 ACL table “401” with two ACL entries.

Brocade(config)# access-list 401 permit 0000.1111.1111 ffff.ffff.ffff any any etype any
Brocade(config)# access-list 401 sequence 23 permit 0000.1111.1121 ffff.ffff.ffff any 23 etype any

The first entry in this example does not specify an ACL entry sequence number. Therefore, the
system assigns the default sequence number “10”. In the second entry, the sequence number is
specified as “23”. The output from the show access-list command for the ACL table is:

Brocade(config)# show access-list 401
L2 MAC Access List 401:
10: permit 0000.1111.1111 ffff.ffff.ffff any any etype any
23: sequence 23 permit 0000.1111.1121 ffff.ffff.ffff any 23 etype any

The show access-list command only displays user-configured sequence numbers. In this example,
“sequence 23” is shown for the second ACL entry because this is a user-specified sequence
number. ACL entry sequence numbers that are generated by the system are not displayed.

NOTE

If you specify a sequence number that is already used by another ACL filter rule, the following error
message is displayed.

"Error: Entry with sequence 23 already exists!"

NOTE

If you specify a sequence number which is greater than the limit (214748364) the following error
message is displayed.

"Error: Valid range for sequence is 1 to 214748364"

Re-sequencing a numbered Layer-2 ACL table

To allow new ACL entries to be inserted between ACL entries that have consecutive sequence
numbers, you can create space between sequence numbers of adjacent filters by regenerating the
ACL table.

To re-sequence ACL table “407”, use the following command.

Brocade(config)# access-list 407 regenerate-seq-num

This command regenerates the filter sequence numbers in steps of 10, assigning the default
sequence number “10” to the first entry in the table.

NOTE

If sequence numbers generated by the regenerate-seq-num command cross the limit (214748364),
then re-sequencing of ACL filters will not take place and the following error message is displayed.

"Error: Valid range for sequence is 1 to 214748364".
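The sequence-number rules above (default “10”, user-specified numbers, the next multiple of 10 for
system-assigned entries, the duplicate and range-limit errors, and regenerate-seq-num in steps of 10)
can be checked offline with the following added simulation. It is not Brocade code and not taken
from the manual; the table class, the function names, the ACL table number 400 and the filler rule
text are constructed for the example. It assumes a system-assigned number is the smallest multiple of
10 greater than the highest number already in the table (which matches the page's examples), that
auto-assignment is subject to the same upper limit as user-specified numbers, and that numbers
produced by regeneration count as system-generated and so are not shown with a “sequence” prefix.

```python
"""Added model of the Layer-2 ACL sequence-number rules on this page (not Brocade code)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SEQ_MAX = 214748364   # upper limit quoted in the manual's error messages
SEQ_STEP = 10         # step used for system-assigned sequence numbers

RANGE_ERROR = f"Error: Valid range for sequence is 1 to {SEQ_MAX}"


@dataclass
class Layer2AclTable:
    """One numbered Layer-2 ACL table; entries are (sequence, user_specified, rule_text)."""
    number: int
    entries: List[Tuple[int, bool, str]] = field(default_factory=list)

    def _next_auto_seq(self) -> int:
        # First entry of an empty table gets the default "10"; otherwise the smallest
        # multiple of 10 greater than the highest number already present (assumption).
        if not self.entries:
            return SEQ_STEP
        highest = max(seq for seq, _, _ in self.entries)
        return (highest // SEQ_STEP + 1) * SEQ_STEP

    def add(self, rule: str, sequence: Optional[int] = None) -> int:
        """Add a filter and return its sequence number; raise ValueError with the
        manual's error text on a duplicate or out-of-range sequence number."""
        if sequence is None:
            seq, user_specified = self._next_auto_seq(), False
        else:
            if not 1 <= sequence <= SEQ_MAX:
                raise ValueError(RANGE_ERROR)
            if any(s == sequence for s, _, _ in self.entries):
                raise ValueError(f"Error: Entry with sequence {sequence} already exists!")
            seq, user_specified = sequence, True
        if seq > SEQ_MAX:  # assumed: auto-assignment cannot cross the limit either
            raise ValueError(RANGE_ERROR)
        self.entries.append((seq, user_specified, rule))
        self.entries.sort(key=lambda e: e[0])
        return seq

    def show(self) -> str:
        """Mimic 'show access-list N': only user-specified numbers carry 'sequence N'."""
        lines = [f"L2 MAC Access List {self.number}:"]
        for seq, user_specified, rule in self.entries:
            prefix = f"sequence {seq} " if user_specified else ""
            lines.append(f"{seq}: {prefix}{rule}")
        return "\n".join(lines)

    def regenerate_seq_num(self) -> List[int]:
        """Mimic 'access-list N regenerate-seq-num': renumber 10, 20, 30, ... in table
        order; refuse and leave the table untouched if the last number would cross
        the limit. Regenerated numbers are treated as system-generated (assumption)."""
        if len(self.entries) * SEQ_STEP > SEQ_MAX:
            raise ValueError(RANGE_ERROR)
        self.entries = [((i + 1) * SEQ_STEP, False, rule)
                        for i, (_, _, rule) in enumerate(self.entries)]
        return [seq for seq, _, _ in self.entries]


def add_or_error(table: Layer2AclTable, rule: str, sequence: Optional[int] = None) -> str:
    """Return the CLI-style error text for a rejected entry, or '' on success."""
    try:
        table.add(rule, sequence)
        return ""
    except ValueError as err:
        return str(err)


def walkthrough_six_entries() -> List[int]:
    """Reproduce the six-entry numbering described on the page: default, 12, 20, 30, 37, 40."""
    table = Layer2AclTable(400)                # table number constructed for this example
    rule = "permit any any any etype any"      # constructed filler rule text
    return [table.add(rule), table.add(rule, 12), table.add(rule),
            table.add(rule), table.add(rule, 37), table.add(rule)]


def table_401() -> Layer2AclTable:
    """Build the two-entry table 401 from the manual's example."""
    table = Layer2AclTable(401)
    table.add("permit 0000.1111.1111 ffff.ffff.ffff any any etype any")
    table.add("permit 0000.1111.1121 ffff.ffff.ffff any 23 etype any", sequence=23)
    return table


if __name__ == "__main__":
    print(walkthrough_six_entries())
    acl = table_401()
    print(acl.show())
    print(add_or_error(acl, "permit any any any etype any", 23))   # duplicate number
    print(add_or_error(acl, "permit any any any etype any", SEQ_MAX + 1))
    print(acl.regenerate_seq_num())
    print(acl.show())
```

Running the script reproduces the show access-list output quoted above, then shows both error messages and the renumbered table (10, 20) after regeneration, where the former “sequence 23” entry no longer carries a user-specified prefix.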