
Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


53-1003035-02

Creating a numbered Layer-2 ACL table


The priority option assigns outgoing traffic that matches the ACL to a hardware forwarding queue
based on the incoming 802.1p value. If the incoming packet priority is lower than the specified
value, the outgoing packet priority is set to the specified value. Should the incoming packet priority
have a higher priority than the specified value, the priority is not changed. This option is applicable
for inbound ACLs only.

The priority-force option sets the outgoing priority of the matching packet to the specified value,
regardless of the incoming packet priority value. This option is applicable for inbound ACLs only.

The priority-mapping option matches on the incoming packet’s 802.1p value. This option does not
change the packet’s internal forwarding queue or the outgoing 802.1p value.
This keyword is applicable for both inbound and outbound ACLs.

The 802.1p-value variable specifies one of the following QoS queues for use with the priority and
priority-force options:

0 – qosp0

1 – qosp1

2 – qosp2

3 – qosp3

4 – qosp4

5 – qosp5

6 – qosp6

7 – qosp7

Use the [no] parameter to delete the Layer-2 ACL clause from the table. When all clauses are
deleted from a table, the table is automatically deleted from the system.

The following shows some examples of valid Layer-2 ACL clauses.

Brocade(config)# access-list 501 permit 0025.0113.0101 ffff.ffff.ffff 0021.3113.0101 ffff.ffff.ffff any etype any priority 2

Brocade(config)# access-list 501 deny 0025.0113.0102 ffff.ffff.ffff 0021.3113.0101 ffff.ffff.ffff any etype any log

Brocade(config)# access-list 501 permit any 0021.3121.0101 ffff.ffff.ffff any etype any priority-mapping 1

Brocade(config)# access-list 501 deny 0025.0122.010a ffff.ffff.ffff any any etype arp log

Brocade(config)# access-list 501 permit 0025.0123.010a ffff.ffff.ffff 0021.3113.0101 ffff.ffff.ffff any etype ipv4-l5 mirror

Brocade(config)# access-list 501 permit 0025.0124.010a ffff.ffff.ffff 0021.3113.0101 ffff.ffff.ffff any etype ipv6 mirror priority-force 5

Brocade(config)# access-list 501 permit 0025.0124.010c ffff.ffff.ffff 0021.3113.0101 ffff.ffff.ffff any etype any

Brocade(config)# access-list 501 deny any any 1618 etype any priority-mapping 0

Brocade(config)# access-list 501 deny any any 1615 etype any priority-force 5

Brocade(config)# access-list 501 deny any any 1613 etype any priority 3
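
The three QoS options described above, modelled as an added Python example (it is not part of the Brocade manual): it parses clauses written in the form of the examples and computes the outgoing 802.1p value for a given incoming value. The clause grammar is inferred from the examples on this page, and the function names are hypothetical.

```python
import re

MAC = r"(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}"
ADDR = rf"(?:any|{MAC} {MAC})"  # "any" or "<mac> <mask>"
# Grammar inferred from this page's example clauses (assumption, not the full syntax).
CLAUSE = re.compile(
    rf"access-list (?P<table>\d+) (?P<action>permit|deny) "
    rf"(?P<src>{ADDR}) (?P<dst>{ADDR}) (?P<vlan>any|\d+) "
    rf"etype (?P<etype>\S+)(?P<opts>(?: \S+)*)$"
)
QOS = re.compile(r"\b(priority(?:-force|-mapping)?) (\d+)\b")

def parse_clause(line):
    """Parse one Layer-2 ACL clause into a dict; raise ValueError if malformed."""
    m = CLAUSE.search(line.strip().lower())
    if not m:
        raise ValueError(f"unrecognized clause: {line!r}")
    c = m.groupdict()
    opts = c.pop("opts")
    c.update(log="log" in opts.split(), mirror="mirror" in opts.split(), qos=None)
    q = QOS.search(opts)
    if q:
        if int(q.group(2)) > 7:
            raise ValueError(f"802.1p value out of range 0-7: {q.group(2)}")
        c["qos"] = (q.group(1), int(q.group(2)))
    return c

def pcp_matches(clause, incoming):
    """priority-mapping is a match condition on the incoming 802.1p value."""
    kind, value = clause["qos"] or (None, None)
    return kind != "priority-mapping" or incoming == value

def outgoing_pcp(clause, incoming):
    """Outgoing 802.1p value of a packet that matched the clause."""
    kind, value = clause["qos"] or (None, None)
    if kind == "priority":        # raised only when the incoming value is lower
        return max(incoming, value)
    if kind == "priority-force":  # overwritten regardless of the incoming value
        return value
    return incoming               # priority-mapping or no option: unchanged

if __name__ == "__main__":
    # Two clauses taken from the examples above, joined onto one line each.
    for line in (
        "access-list 501 permit 0025.0113.0101 ffff.ffff.ffff 0021.3113.0101 ffff.ffff.ffff any etype any priority 2",
        "access-list 501 permit 0025.0124.010a ffff.ffff.ffff 0021.3113.0101 ffff.ffff.ffff any etype ipv6 mirror priority-force 5",
    ):
        c = parse_clause(line)
        print(c["qos"], [outgoing_pcp(c, p) for p in range(8)])
```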