beautypg.com

Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 915

background image

Brocade Mobility RFS Controller CLI Reference Guide

903

53-1003098-01

12

disable [deny|permit] [|icmp|ip|

proto |tcp|udp]

[||any|

from-vlan |host ]

[||

any|host ] (log,mark [8021p <0-7>|dscp <0-63>],rule-precedence)

Example

The following example shows the ‘auto-tunnel-acl’ settings before the disable

command is executed:

rfs7000-37FABE(config-ip-acl-auto-tunnel-acl)#show context

ip access-list auto-tunnel-acl

permit ip host 200.200.200.99 30.30.30.1/24 rule-precedence 2

permit ip host 200.200.200.99 any rule-precedence 3

rfs7000-37FABE(config-ip-acl-auto-tunnel-acl)#

disable [deny|permit]

Disables a deny or permit access rule without removing it from the ACL
Provide the exact values used to configure the deny or permit rule.

AS-NAME>

Specifies the network-service alias, identified by the keyword, associated
with the deny/permit rule

icmp

Disables a rule applicable to ICMP packets only

ip

Disables a rule applicable to IP packets only

proto

Disables a rule applicable to any Internet protocol other than TCP, UDP, or ICMP packets

– Identify the Internet protocol using the options available.

tcp

Disables a rule applicable to TCP packets only

udp

Disables a rule applicable to UDP packets only
After specifying the packet type, specify the source and destination devices and network address(es) to
match.

Specify the source IP address and mask in the A.B.C.D/M format.

S-NAME>

Specifies the network-group alias, identified by the keyword, associated
with this deny/permit rule

any

Select ‘any’ if the rule is applicable to any source IP address.

from-vlan

Specify the VLAN IDs.

host

Specify the source host’s exact IP address.

Specify the destination IP address and mask in the A.B.C.D/M format.

S-NAME>

Specifies the network-group alias, identified by the keyword, associated
with this deny/permit rule

any

Select ‘any’ if the rule is applicable to any destination IP address.

host

Specify the destination host’s exact IP address.

log

Select log, if the rule has been configured to log records in case of a match.

mark [8021p <0-7>|
dscp <0-63>]

Specifies packets to mark

8021p <0-7> – Marks packets by modifying 802.1.p VLAN user priority

dscp <0-63> – Marks packets by modifying DSCP TOS bits in the header

rule-precedence
<1-5000>

Specify the rule precedence. The deny or permit rule with the specified precedence is disabled.
To enable a disabled rule, enter the rule again without the ‘disable’ keyword.
The no > disable command removes a disabled rule from the ACL.

See also other documents in the category Brocade Computer Accessories: