
Brocade Mobility RFS Controller CLI Reference Guide (page 891, 53-1003098-01)

Chapter 12 ACCESS-LIST

This chapter summarizes IP and MAC access list commands in the CLI command structure.

Access lists control access to the managed network using a set of rules also known as Access Control Entries (ACEs). Each rule specifies an action taken when a packet matches that rule. If the action is deny, the packet is dropped. If the action is permit, the packet is allowed. A set of deny and/or permit rules based on IP addresses constitutes an IP Access Control List (ACL). Similarly, a set of deny and/or permit rules based on MAC addresses constitutes a MAC ACL.

Within a managed network, IP ACLs are used as firewalls to filter packets, and may also mark packets, based on the IP address from which they arrive, as opposed to filtering packets on layer 2 ports. IP-based firewall rules are specific to the source and destination IP addresses and have unique precedence orders assigned. Both IP and non-IP traffic on the same layer 2 or port interface can be filtered by applying an IP ACL.

MAC ACLs are firewalls that filter or mark packets based on the MAC address from which they arrive, as opposed to filtering packets on layer 2 ports. A MAC ACL can optionally filter layer 2 traffic on a physical layer 2 interface by MAC address. A MAC firewall rule uses source and destination MAC addresses for matching operations, where the result is a typical allow, deny or mark designation for controller-managed packet traffic.
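The following is an added example, not code from the guide or from the controller software: a small Python model of the IP ACL evaluation this chapter describes, in which each ACE carries a unique precedence and the first matching rule in precedence order decides whether a packet is permitted or denied. The rule fields, lowest-precedence-first ordering and the default action for packets matching no ACE are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


def _in_net(addr: str, net: str) -> bool:
    """True if addr falls inside net; the keyword 'any' matches every address (assumed syntax)."""
    if net == "any":
        return True
    return ip_address(addr) in ip_network(net, strict=False)


@dataclass(frozen=True)
class Ace:
    """One Access Control Entry: a match on source/destination IP plus an action."""
    precedence: int   # assumption: lower values are evaluated first
    action: str       # "permit" or "deny"
    src: str          # CIDR prefix such as "10.0.0.0/8", or "any"
    dst: str

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return _in_net(src_ip, self.src) and _in_net(dst_ip, self.dst)


@dataclass
class IpAccessList:
    name: str
    aces: list
    default_action: str = "deny"   # assumption: packets matching no ACE are dropped

    def __post_init__(self):
        if len(self.name) > 32:                       # name limit stated in the chapter
            raise ValueError("ACL name cannot exceed 32 characters")
        precs = [a.precedence for a in self.aces]
        if len(precs) != len(set(precs)):             # precedence orders must be unique
            raise ValueError("ACE precedence values must be unique")

    def evaluate(self, src_ip: str, dst_ip: str):
        """Return (action, precedence of the deciding ACE); precedence is None on default."""
        for ace in sorted(self.aces, key=lambda a: a.precedence):
            if ace.matches(src_ip, dst_ip):
                return ace.action, ace.precedence
        return self.default_action, None


def build_sample_acl() -> IpAccessList:
    """Constructed sample ACL: block a guest subnet from the internal range, allow it elsewhere."""
    return IpAccessList("guest-filter", [
        Ace(10, "deny", "192.168.50.0/24", "10.0.0.0/8"),
        Ace(20, "permit", "192.168.50.0/24", "any"),
        Ace(30, "permit", "any", "10.0.10.0/24"),
    ])
```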

The following ACLs are supported:

ip-access-list

mac-access-list

Use IP and MAC commands under the global configuration to create an access list.

When the access list is applied on an Ethernet port, it becomes a port ACL.

When the access list is applied on a VLAN interface, it becomes a router ACL.

Use the (config) instance to configure a new ACL or modify an existing ACL. To navigate to the
(config-access-list) instance, use the following commands:

(config)#ip access-list

(config)#mac access-list

NOTE

If creating a new ACL policy, provide a name that uniquely identifies its purpose. The name cannot exceed 32 characters.

ip-access-list

rfs7000-37FABE(config)#ip access-list test

rfs7000-37FABE(config-ip-acl-test)#?

ACL Configuration commands:

deny Specify packets to reject

disable Disable rule if not needed

insert Insert this rule (instead of overwriting a existing rule)

no Negate a command or set its defaults

permit Specify packets to forward