beautypg.com

Displaying acl definitions – Brocade BigIron RX Series Configuration Guide User Manual

Page 693

background image

BigIron RX Series Configuration Guide

615

53-1002484-04

Displaying ACL definitions

22

Parameters to bind super ACLs to an interface

Super ACLs can be applied to physical interfaces, trunk interfaces, and virtual interfaces. They
follow the same configuration constraints as the IPv4 ACLs, for example they cannot co-exist with
an IPv4 ACL on the same interface.

Syntax: [no] super-acl <num> in

Displaying ACL definitions

To display the ACLs configured on a device, use the show ip access-lists command.

Numbered ACL

For a numbered ACL, you can enter a command such as the following.

BigIron RX(config)#show access-list 99

ACL configuration:

!

Standard IP access list 10

access-list 99 deny host 10.10.10.1

access-list 99 permit any

Syntax: show access-list <number> | all

Enter the ACL number for the <number> parameter:

1 – 99 for standard ACLs

100 – 199 for extended ACLs

500 – 599 for super ACLs

ip-pkt-len

<

pkt-len>

Specifies the IP packet length to be matched.

ip-fragment-match

Enables IP fragment matching.

<

ip-protocol>

Specifies the IP protocols to be matched.

<

sip>

Enables packet matching based on specific IP source addresses.

<

dip>

Enables packet matching based on specified IP destination addresses.

sp

Enables packet matching based on specified source TCP/UDP port.

dp

Enables packet matching based on specified destination TCP/UDP port.

icmp-detail

Enables packet matching based on ICMP information.

801.2-priority-matching

Enables packet matching based on the specified 802.1p priority value. Valid range
is 0-7.

ipsec-spi

This parameter filters packets based on their IPSEC Security Parameter Index (SPI).
Enter this value in hexadecimal. The range is 00000000 - fffffffff

qos-marking

Enables packet matching based on QoS marking.

dscp-marking

Enables packet matching based on DSCP marking.

internal-priority-marking

Enables packet matching based on internal priority marking.

tcp-flags

Enables packet matching based on TCP flags.

<

icmp-type-code>

Enables packet matching based on ICMP type/code.

See also other documents in the category Brocade Computer Accessories: