beautypg.com

Brocade Multi-Service IronWare QoS and Traffic Management Configuration Guide (Supporting R05.6.00) User Manual

Page 47

background image

Multi-Service IronWare QoS and Traffic Management Configuration Guide

33

53-1003037-02

IPv6 ACL-based rate limiting

2

Brocade(config-if-1/1)# rate-limit output access-group name ipv6 fdry priority q0

policy-map map5

Configure strict-ACL rate-limiting on the interface

By default, rate-limiting is applied to traffic that matches a permit clause. If the traffic does not
match any clause or if the traffic matches a deny clause, it is forwarded normally (neither dropped
nor rate-limited). You can choose to drop packets that do not match any clause or that match the
deny clause by configuring the strict ACL option under an interface.

NOTE

The strict ACL option is independent of ACL type (Layer 2/IPv4/IPv6).

When Strict ACL is enabled without any option, it applies to Layer-2, IPv4, and IPv6 ACL based
rate-limiting configured on that port. The following command enables strict-ACL rate-limiting on an
interface.

Brocade(config-if-1/1)# rate-limit strict-acl

Syntax: [no] rate-limit strict-acl

The following IPv6 ACL v6_permit_h2 has a permit and a deny clause.

Brocade(config)# ipv6 access-list v6_permit_h2

Brocade(config-ipv6-access-list-v6_permit_h2)# permit ipv6 host 1000:2382:e0bb::1

any

Brocade(config-ipv6-access-list-v6_permit_h2)# deny ipv6 host 3000::1 any

The following configuration enables strict ACL option on interface 2/1.

Brocade(config)# interface ethernet 2/1

Brocade(config-if-e1000-2/1)# rate-limit strict-acl

Brocade(config-if-e1000-2/1)# rate-limit input access-group name ipv6

v6_permit_h2 policy-map 1mbps

Traffic matching the permit clause will be rate-limited as per the rate values of the policy-map
1mbps.

Traffic which does not match any clause or that matches the deny clause will be dropped.

Deleting an IPv6 Access-List which is bound to rate-limit

When user attempts to delete an access-list which is bound to rate-limit profile, an error is thrown
to the user that the ACL is in use.

Brocade (config)# no ipv6 access-list sample_v6

IPv6 ACL sample_v6 attached to an interface : error - ACL In Use.

To delete an IPv6 access-list which is bound to rate-limit profile, use the following configuration.

Brocade (config)# acl-policy

Brocade (config-acl-policy)#force-delete-bound-acl

After the force-delete-bound-acl configuration is enabled, you can delete any ACL even if it is bound.

See also other documents in the category Brocade Computer Accessories: