beautypg.com

Access-list – Brocade Mobility RFS7000-GR Controller CLI Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

Page 187

background image

Brocade Mobility RFS7000-GR Controller CLI Reference Guide

173

53-1001945-01

Global Configuration Commands

5

access-list

Global Configuration Commands

Use this command to add an access list entry. Use the access list command under global
configuration to configure the access list mechanism for filtering frames by protocol type or vendor
code.

Syntax

access-list

For Standard IP ACL’s:

access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0-7> | tos

<0-255>))(A.B.C.D/M | host A.B.C.D | any)(log) (rule-precedence <1-5000>)

For Extended IP ACL’s:

access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos

<0-255>}} {ip} {source/source-mask | host source | any }

{destination/destination-mask | host destination | any } [log] [rule-precedence

access-list-entry precedence]

access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos

<0-255>}} {icmp} {source/source-mask | host source | any} {destination/

destination-mask | host destination | any} [icmp-type | [icmp-type icmp-code]]

[log] [rule-precedence access-list-entry precedence]

access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos

<0-255>}} {tcp|udp} {source/source-mask | host source | any} [operator

source-port] {destination/destination-mask | host destination | any} [operator

destination-port] [log] [rule-precedence access-list-entry precedence]

Parameters

access-list
(<1-99>|<1300-1999>)
(deny|permit|mark
(8021p <0-7> | dscp <0-63>
tos <0-255>))
(A.B.C.D/M | host A.B.C.D |
any)(log)
(rule-precedence <1-5000>)

Adds a standard access list entry.

(<1-99>|<1300-1999>) – Access numbers from 1 to 99 or 1300 to 1999.

(deny|permit|mark) – Defines the action types on an ACL. The action type

mark

is functional only over a Port ACL.

8021p <0-7> – Used only with the action type

mark

to specify 8021p

priority values.

dscp <0-63> – Used only with the action type

mark

to modify DSCP TOS

bits in the IP header for the DSCP codepoint value >0-63>.

tos <0-255> – Used only with thction type

mark

to specify type of

service (tos) values.

(A.B.C.D/M | host A.B.C.D | any) – Source is the source address of the
network or host in dotted decimal. Source-mask is the network mask. For
example, 10.1.1.10/24 indicates the first 24 bits of the source IP are used
for matching.

The keyword any is an abbreviation for a source IP of 0.0.0.0 and
source-mask bits equal to 0.

The keyword host is an abbreviation for exact source (A.B.C.D) and
source-mask bits equal to 32.

log – Generates log messages when the packet coming from the interface
matches the ACL entry. Log messages are generated only for router ACL’s.

(rule-precedence <1-5000>) – Integer value between
1-5000. This value sets the rule precedence in the ACL.

See also other documents in the category Brocade Computer Accessories: