Deletion of ACLs bound to an interface – Brocade MLX Series and NetIron Family (Supporting Multi-Service IronWare R05.6.xx) User Manual

Brocade MLX Series and NetIron Family Documentation Updates

53-1003301-07

Deletion of ACLs bound to an interface

The following note has been added to the ACL chapter in the above section of the Multi-Service
IronWare Security Configuration Guide.

To delete an ACL bound to an interface, use the force-delete-bound-acl command.

NOTE

This command is also supported on Brocade NetIron CES Series and Brocade NetIron CER Series
devices.

Initially force-delete-bound-acl is disabled.

Brocade(config)# acl-policy

Brocade(config-acl-policy)# force-delete-bound-acl

The no force-delete-bound-acl command does not allow the ACLs bound to an interface to be
deleted.

Brocade(config-acl-policy)# no force-delete-bound-acl

Syntax: [no] force-delete-bound-acl

When force-delete-bound-acl is enabled, ACLs bound to one or more interfaces can be deleted.
Deleting the ACL does not remove its binding: the binding of the ACL to an interface still
remains. On rebinding, this will be an empty ACL and will have no effect on traffic forwarding.
On rebinding, the CAM entries are reprogrammed appropriately, so no ACL filtering takes place
after the ACL is deleted. This command is available as a subcommand of the acl-policy command.
However, as with any other ACL modification, the CAM is reprogrammed only during a rebind.
Without a rebind, the old filters are still present in the CAM.

NOTE

In case of subnet broadcast ACL bindings, when an empty ACL is bound to an interface, implicit deny
entries are programmed to the CAM and will have effect on traffic forwarding.
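
Because a deleted ACL leaves its binding in place and filters nothing once rebound, a configuration audit can flag bindings whose ACL no longer exists. The following Python check is an added example, not part of the Brocade documentation; it assumes output shaped like this page's show access-list all and show access-list bindings sample, handles only the mac access-list / mac access-group form shown there, and uses constructed sample text in which OtherACL and ethe 2/2 are hypothetical.

```python
import re

# Constructed sample output, shaped like the page's example, as it is
# assumed to look after SampleACL was deleted with force-delete-bound-acl
# enabled: the ACL definition is gone, but the binding remains.
SHOW_ACL_ALL = """\
ACL configuration:
!
mac access-list OtherACL
 permit any any 10 etype any
!
"""
SHOW_ACL_BINDINGS = """\
L4 configuration:
!
interface ethe 2/1
 mac access-group SampleACL in
!
interface ethe 2/2
 mac access-group OtherACL in
!
"""

ACL_DEF = re.compile(r"^\s*mac access-list (\S+)\s*$")
IFACE = re.compile(r"^\s*interface (.+?)\s*$")
BINDING = re.compile(r"^\s*mac access-group (\S+) (\S+)\s*$")


def defined_acls(show_acl_all):
    """Names of MAC ACLs that still have a definition."""
    return {m.group(1) for line in show_acl_all.splitlines()
            if (m := ACL_DEF.match(line))}


def dangling_bindings(show_acl_all, show_bindings):
    """Return (interface, acl, direction) for bindings whose ACL is undefined."""
    known = defined_acls(show_acl_all)
    findings, iface = [], None
    for line in show_bindings.splitlines():
        if line.strip() == "!":
            iface = None  # "!" closes the current interface stanza
        elif m := IFACE.match(line):
            iface = m.group(1)
        elif (m := BINDING.match(line)) and iface and m.group(1) not in known:
            findings.append((iface, m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for iface, acl, direction in dangling_bindings(SHOW_ACL_ALL, SHOW_ACL_BINDINGS):
        print(f"{iface}: '{acl}' ({direction}) is bound but no longer defined")
```

Each finding marks an interface that keeps its old CAM filters until the next rebind and is unfiltered afterwards, except for the subnet broadcast case described in the note above.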

The following example shows the command.

Brocade(config-acl-policy)# force-delete-bound-acl

Brocade(config-acl-policy)# exit

Brocade(config)# show access-list all

ACL configuration:

!

mac access-list SampleACL

permit any any 10 etype any

!

Brocade(config)# show access-list bindings

L4 configuration:

!

interface ethe 2/1

mac access-group SampleACL in

!

Brocade(config)# show cam l2acl

SLOT/PORT Interface number