Configuration example for extended named acls, Preserving user input for acl tcp/udp port numbers – Brocade TurboIron 24X Series Configuration Guide User Manual

Brocade TurboIron 24X Series Configuration Guide, page 915, 53-1003053-01
• You can enable logging on ACLs and filters that support logging even when the ACLs and filters are already in use. To do so, re-enter the ACL or filter command and add the log parameter to the end of the ACL or filter. The software replaces the ACL or filter command with the new one. The new ACL or filter, with logging enabled, takes effect immediately.

The traffic-policy option enables the device to rate limit inbound traffic and to count the packets and bytes per packet to which ACL permit or deny clauses are applied. For configuration procedures and examples, refer to the chapter
Configuration example for extended named ACLs

To configure an extended named ACL, enter commands such as the following.

TurboIron(config)#ip access-list extended "block Telnet"
TurboIron(config-ext-nACL)#deny tcp host 10.157.22.26 any eq telnet log
TurboIron(config-ext-nACL)#permit ip any any
TurboIron(config-ext-nACL)#exit
TurboIron(config)#int eth 1
TurboIron(config-if-1)#ip access-group "block Telnet" in

The options at the ACL configuration level and the syntax for the ip access-group command are the same for numbered and named ACLs and are described in “Configuring extended numbered ACLs”.

Preserving user input for ACL TCP/UDP port numbers

ACL implementations automatically display the TCP/UDP port name instead of the port number, regardless of user preference. This feature preserves the user input (name or number) and displays the port exactly as it was entered, as either the port name or the number.

A new command has been added to enable this feature.

TurboIron(config)#ip preserve-ACL-user-input-format

Syntax: ip preserve-ACL-user-input-format

The following example shows how this feature works for a TCP port (this feature works the same way for UDP ports). In this example, the user identifies the TCP port by number (80) when configuring ACL group 140. However, show ip access-list 140 reverts back to the port name for the TCP port (http in this example). After the user issues the new ip preserve-ACL-user-input-format command, show ip access-list 140 displays either the TCP port number or name, depending on how it was configured by the user.

TurboIron(config)#access-list 140 permit tcp any any eq 80
TurboIron(config)#access-list 140 permit tcp any any eq ftp
TurboIron#show ip access-lists 140
Extended IP access list 140
permit tcp any any eq http
permit tcp any any eq ftp
TurboIron(config)#ip preserve-ACL-user-input-format
TurboIron#show ip access-lists 140
Extended IP access list 140
permit tcp any any eq 80
permit tcp any any eq ftp
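Because the same ACL can be displayed with port names or port numbers depending on whether ip preserve-ACL-user-input-format is set, a configuration audit that compares show output textually will report false differences. The following Python script is an added example, not code from the Brocade guide: it parses entries from output in the "Extended IP access list NAME" layout shown above, maps service names to numbers with a small IANA table (http=80, ftp=21, telnet=23), and checks that a named ACL such as "block Telnet" still carries a logged deny, which covers both the logging bullet and the preserve-user-input section. The sample listings are constructed from the page's examples, and the listing layout for a named ACL is an assumption.

```python
"""Normalize extended ACL entries so an audit ignores name-vs-number port display."""
from dataclasses import dataclass
from typing import Optional

# Well-known service names to port numbers (IANA assignments). The page uses
# http, ftp and telnet; extend the table for other names your platform prints.
PORT_NAMES = {"ftp": 21, "telnet": 23, "http": 80}


@dataclass(frozen=True)
class AclEntry:
    action: str              # "permit" or "deny"
    protocol: str            # "tcp", "udp", "ip", ...
    src: str                 # "any", "host A.B.C.D" or "A.B.C.D MASK"
    src_port: Optional[int]  # numeric port from an "eq" clause, else None
    dst: str
    dst_port: Optional[int]
    log: bool                # True when the entry carries the log keyword


def port_number(token: str) -> int:
    """Map a port given by name or by number to its numeric value."""
    if token.isdigit():
        value = int(token)
        if 0 <= value <= 65535:
            return value
        raise ValueError(f"port out of range: {token}")
    try:
        return PORT_NAMES[token.lower()]
    except KeyError:
        raise ValueError(f"unknown service name: {token!r}") from None


def _take_address(tokens: list) -> str:
    """Consume one address specifier from the front of the token list."""
    first = tokens.pop(0).lower()
    if first == "any":
        return "any"
    if first == "host":
        return f"host {tokens.pop(0)}"
    return f"{first} {tokens.pop(0)}"  # bare address followed by its mask


def _take_port(tokens: list) -> Optional[int]:
    """Consume an optional 'eq <port>' clause; None when absent."""
    if len(tokens) >= 2 and tokens[0].lower() == "eq":
        tokens.pop(0)
        return port_number(tokens.pop(0))
    return None


def parse_entry(line: str) -> AclEntry:
    """Parse one entry such as 'deny tcp host 10.157.22.26 any eq telnet log'."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0].lower() not in ("permit", "deny"):
        raise ValueError(f"not an ACL entry: {line!r}")
    action, protocol, rest = tokens[0].lower(), tokens[1].lower(), tokens[2:]
    try:
        src = _take_address(rest)
        src_port = _take_port(rest)
        dst = _take_address(rest)
        dst_port = _take_port(rest)
    except IndexError:
        raise ValueError(f"truncated ACL entry: {line!r}") from None
    options = {t.lower() for t in rest}  # trailing keywords such as log
    return AclEntry(action, protocol, src, src_port, dst, dst_port, "log" in options)


def parse_show_output(text: str) -> dict:
    """Group entries by ACL name from 'show ip access-lists' style output."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Extended IP access list "):
            current = line[len("Extended IP access list "):]
            acls[current] = []
        elif current is not None:
            acls[current].append(parse_entry(line))
    return acls


def has_logged_deny(entries, protocol: str, port) -> bool:
    """True if some deny entry for protocol/port (name or number) has log set."""
    wanted = port_number(str(port))
    return any(e.action == "deny" and e.protocol == protocol
               and e.dst_port == wanted and e.log for e in entries)


# Constructed samples modelled on the page's output before and after
# ip preserve-ACL-user-input-format; the named-ACL listing layout is assumed.
SHOW_BEFORE = """Extended IP access list 140
permit tcp any any eq http
permit tcp any any eq ftp
"""
SHOW_AFTER = """Extended IP access list 140
permit tcp any any eq 80
permit tcp any any eq ftp
"""
SHOW_NAMED = """Extended IP access list block Telnet
deny tcp host 10.157.22.26 any eq telnet log
permit ip any any
"""
```

Comparing parse_show_output(SHOW_BEFORE) with parse_show_output(SHOW_AFTER) yields equal results, so a compliance check written against the parsed entries keeps working whichever display format the device is in; has_logged_deny(parse_show_output(SHOW_NAMED)["block Telnet"], "tcp", "telnet") confirms that the Telnet deny rule still logs after the ACL was re-entered.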