Configuring acl, Configuring route-map, Telemetry solutions – Brocade MLX Series and NetIron Family (Supporting Multi-Service IronWare R05.6.xx) User Manual
Brocade MLX Series and NetIron Family Documentation Updates
53-1003301-07
Telemetry Solutions
Configuring ACL
ipv6 access-list v6_Mall_Outer_1001
 permit ipv6 host 667:a6db:39c5:f217:4374:435e:ba5e:d402 any
ipv6 access-list v6_Mall_Outer_1002
 permit ipv6 host 849e:958:ed:bcd8:577d:5468:edef:8dfc any
ipv6 access-list v6_Mall_Outer_1000
 permit ipv6 host 2f12:4a71:704c:8a1a:7de3:7ef9:43a9:550a any
ipv6 access-list v6_Permit_Any
 permit ipv6 any any
ip access-list extended v4_Mall_Outer_1001
 permit ip host 95.64.50.180 any
ip access-list extended v4_Mall_Outer_1002
 permit ip host 126.126.14.76 any
ip access-list extended v4_Mall_Outer_1000
 permit ip host 117.218.157.45 any
ip access-list extended v4_Permit_Any
 permit ip any any
mac access-list Deny_Any
 deny any any any
NOTE
For this application, always set the ACL rule as “permit”.
NOTE
The only exception to this rule is the last route-map instance, which must be set as CATCH-ALL so
that unmatched traffic is not all sent to the CPU for forwarding. The only exception is when you have
another routing protocol that picks up the unmatched traffic; this allows the use of deny statements
in the ACLs, and there is no need to set CATCH-ALL. All “denied” and unmatched packets are passed
to the routing protocol for forwarding. Traffic to be dropped is handled at the end of the route-map.
Configuring Route-map
route-map Outer_Mall permit 1000
 rule-name 1000
 match ip address v4_Mall_Outer_1000
 match ipv6 address v6_Mall_Outer_1000
 set next-hop-flood-vlan 1000
 set interface null0
route-map Outer_Mall permit 1001
 rule-name 1001
 match ip address v4_Mall_Outer_1001
 match ipv6 address v6_Mall_Outer_1001
 set next-hop-flood-vlan 1001
 set interface null0
route-map Outer_Mall permit 1002
 rule-name 1002
 match ip address v4_Mall_Outer_1002
 match ipv6 address v6_Mall_Outer_1002
 set next-hop-flood-vlan 1002
 set interface null0
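
The rules in the two NOTEs above can be checked before a configuration is applied. The following Python script is an added example, not part of the Brocade manual: it parses ACL and route-map stanzas in the syntax shown on this page and reports route-map instances that match an undefined ACL, match an ACL containing a deny entry, or end a route-map without a catch-all. The manual page does not show the CATCH-ALL instance, so the script assumes it matches only permit-any ACLs such as v4_Permit_Any; the sample configuration is constructed.

```python
import re

# Constructed sample in the style of the page's configuration (documentation addresses).
SAMPLE = """\
ip access-list extended v4_Mall_Outer_1000
 permit ip host 192.0.2.10 any
ip access-list extended v4_Mall_Outer_1001
 deny ip host 192.0.2.11 any
route-map Outer_Mall permit 1000
 match ip address v4_Mall_Outer_1000
route-map Outer_Mall permit 1001
 match ip address v4_Mall_Outer_1001
 match ipv6 address v6_Mall_Outer_1001
"""

ACL_RE = re.compile(r"^(?:ip access-list extended|ipv6 access-list|mac access-list)\s+(\S+)$")
RMAP_RE = re.compile(r"^route-map\s+(\S+)\s+(?:permit|deny)\s+(\d+)$")
MATCH_RE = re.compile(r"^match\s+(?:ip|ipv6)\s+address\s+(\S+)$")
PERMIT_ANY = (["permit ip any any"], ["permit ipv6 any any"])  # assumed catch-all ACL bodies

def parse(config):
    """Return (acls, instances): ACL name -> entries, and [(map, seq, matched ACL names)]."""
    acls, instances, entries, matches = {}, [], None, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACL_RE.match(line):
            entries, matches = acls.setdefault(m.group(1), []), None
        elif m := RMAP_RE.match(line):
            entries, matches = None, []
            instances.append((m.group(1), int(m.group(2)), matches))
        elif entries is not None and line.startswith(("permit ", "deny ")):
            entries.append(line)
        elif matches is not None and (m := MATCH_RE.match(line)):
            matches.append(m.group(1))
    return acls, instances

def audit(config):
    """Return findings to review for the ACLs that route-map instances match on."""
    (acls, instances), findings = parse(config), []
    for rmap, seq, names in instances:
        for name in names:
            if name not in acls:
                findings.append(f"{rmap} {seq}: ACL {name} is not defined")
            elif any(e.startswith("deny ") for e in acls[name]):
                findings.append(f"{rmap} {seq}: ACL {name} has a deny entry")
    # Highest sequence number per route-map is its last instance.
    last = {r: (s, n) for r, s, n in sorted(instances, key=lambda i: i[1])}
    for rmap, (seq, names) in last.items():
        if not names or any(acls.get(n) not in PERMIT_ANY for n in names):
            findings.append(f"{rmap} {seq}: last instance is not a catch-all")
    return findings
```

Findings are items to review rather than errors: per the NOTE, deny entries are acceptable when another routing protocol picks up the unmatched traffic.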