Brocade TurboIron 24X Series Configuration Guide User Manual

53-1003053-01

Configuration examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .894

VRRP example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .894
VRRPE example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .895

Chapter 28

Configuring Rule-Based IP Access Control Lists

ACL overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .897

Types of IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .898
ACL IDs and entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .898
Numbered and named ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . .899
Default ACL action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .899

How hardware-based ACLs work . . . . . . . . . . . . . . . . . . . . . . . . . . .899

How fragmented packets are processed . . . . . . . . . . . . . . . . .899
Hardware aging of Layer 4 CAM entries . . . . . . . . . . . . . . . . . .900

Configuration considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .900

Configuring standard numbered ACLs. . . . . . . . . . . . . . . . . . . . . . .901

Standard numbered ACL syntax . . . . . . . . . . . . . . . . . . . . . . . .901
Configuration example for standard numbered ACLs . . . . . . .902

Configuring standard named ACLs . . . . . . . . . . . . . . . . . . . . . . . . .903

Standard named ACL syntax . . . . . . . . . . . . . . . . . . . . . . . . . . .903
Configuration example for standard named ACLs . . . . . . . . . .904

Configuring extended numbered ACLs . . . . . . . . . . . . . . . . . . . . . .905

Extended numbered ACL syntax . . . . . . . . . . . . . . . . . . . . . . . .906
Configuration examples for extended numbered ACLs . . . . . .909

Configuring extended named ACLs . . . . . . . . . . . . . . . . . . . . . . . . .911

Extended named ACL syntax. . . . . . . . . . . . . . . . . . . . . . . . . . .911
Configuration example for extended named ACLs. . . . . . . . . .915

Preserving user input for ACL TCP/UDP port numbers. . . . . . . . . .915

Managing ACL comment text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .916

Adding a comment to an entry in a numbered ACL. . . . . . . . .916

Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN . . . . . . . . . . .917

Enabling ACL logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917

Enabling strict control of ACL filtering of fragmented packets. . . .919

Enabling ACL support for switched traffic in the router image . . .920

Enabling ACL filtering based on VLAN membership or VE port membership . . . . . . . . . . .920

Applying an IPv4 ACL to specific VLAN members on a port (Layer 2 devices only) . . . . . . . . . . .921
Applying an IPv4 ACL to a subset of ports on a virtual interface (Layer 3 devices only) . . . . . . . . . . .922

Filtering on IP precedence and ToS values . . . . . . . . . . . . . . . . . . .922

QoS options for IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .923

DSCP matching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .924

ACL-based rate limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .925