Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual
53-1003250-01
Configuring numbered and named ACLs
The commands in this example configure a standard ACL named “Net1”. The entries in this ACL
deny packets from three source IP addresses from being forwarded on port 1/1. Since the implicit
action for an ACL is “deny”, the last ACL entry in this ACL permits all packets that are not explicitly
denied by the first three ACL entries. For an example of how to configure the same entries in a
numbered ACL, refer to “Configuring standard numbered ACLs”.

Virtual ADX (config)#ip access-list standard Net1
Virtual ADX (config-std-nacl)#deny host 10.157.22.26 log
Virtual ADX (config-std-nacl)#deny 10.157.29.12 log
Virtual ADX (config-std-nacl)#deny host IPHost1 log
Virtual ADX (config-std-nacl)#permit any
Virtual ADX (config-std-nacl)#exit
Virtual ADX (config)#int eth 1/1
Virtual ADX (config-if-1/1)#ip access-group Net1 in

Notice that the command prompt changes after you enter the ACL type and name. The “std” in the
command prompt indicates that you are configuring entries for a standard ACL. For an extended
ACL, this part of the command prompt is “ext”. The “nacl” indicates that you are configuring a named
ACL.

Syntax: ip access-list extended | standard string | num

The extended | standard parameter indicates the ACL type.

The string variable is the ACL name. You can specify a string of up to 256 alphanumeric characters.
You can use blanks in the ACL name if you enclose the name in quotation marks (for example, “ACL
for Net1”). The num variable allows you to specify an ACL number if you prefer. If you specify a
number, you can specify from 1 – 99 for standard ACLs or 100 – 199 for extended ACLs.

NOTE
For convenience, the software allows you to configure numbered ACLs using the syntax for named
ACLs. The software also still supports the older syntax for numbered ACLs. Although the software
allows both methods for configuring numbered ACLs, numbered ACLs are always formatted in the
startup-config and running-config files using the older syntax, as follows.

access-list 1 deny host 10.157.22.26
access-list 1 deny 10.157.22.0 0.0.0.255
access-list 1 permit any
access-list 101 deny tcp any any eq http

The options at the ACL configuration level and the syntax for the ip access-group command are the
same for numbered and named ACLs and are described in “Configuring standard numbered ACLs”.

Configuration example for extended ACL

To configure a named extended ACL entry, enter commands such as the following.

Virtual ADX (config)#ip access-list extended "block Telnet"
Virtual ADX (config-ext-nacl)#deny tcp host 10.157.22.26 any eq telnet
Virtual ADX (config-ext-nacl)#permit ip any any
Virtual ADX (config-ext-nacl)#exit
Virtual ADX (config)#int eth 1/1
Virtual ADX (config-if-1/1)#ip access-group "block Telnet" in

The options at the ACL configuration level and the syntax for the ip access-group command are the
same for numbered and named ACLs and are described in “Configuring extended numbered ACLs”.
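The first-match evaluation and implicit deny described for the standard ACL above, as an added example that is not from the guide or from Brocade: a small Python checker (hypothetical helper) that reads numbered standard ACL entries in the older running-config syntax shown in the note and reports which entry decides the fate of a given source address. The sample configuration is constructed; a bare address with no wildcard mask is assumed to match as a host.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample: standard ACL 1 as it would appear in the running-config
SAMPLE_CONFIG = """\
access-list 1 deny host 10.157.22.26 log
access-list 1 deny 10.157.22.0 0.0.0.255
access-list 1 permit any
"""

@dataclass
class Entry:
    action: str    # "permit" or "deny"
    addr: int      # base address as an integer (0 for "any")
    wildcard: int  # wildcard mask: a 1 bit means "don't care"
    text: str      # original config line, for reporting

def parse_standard_acl(config, acl_num):
    """Collect the entries of one numbered standard ACL, in config order."""
    entries = []
    for raw in config.splitlines():
        tok = raw.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[1] != str(acl_num):
            continue
        action, rest = tok[2], [t for t in tok[3:] if t != "log"]
        if rest[0] == "any":
            addr, wc = 0, 0xFFFFFFFF
        elif rest[0] == "host":
            addr, wc = int(ipaddress.IPv4Address(rest[1])), 0
        elif len(rest) >= 2:
            addr = int(ipaddress.IPv4Address(rest[0]))
            wc = int(ipaddress.IPv4Address(rest[1]))
        else:  # assumption: a bare address without a wildcard is a host match
            addr, wc = int(ipaddress.IPv4Address(rest[0])), 0
        entries.append(Entry(action, addr, wc, raw.strip()))
    return entries

def evaluate(entries, src_ip):
    """First matching entry decides; no match falls through to the implicit deny."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for e in entries:
        # Wildcard bits set to 1 are ignored, so clear them on both sides before comparing
        if (ip & ~e.wildcard & 0xFFFFFFFF) == (e.addr & ~e.wildcard & 0xFFFFFFFF):
            return e.action, e.text
    return "deny", "<implicit deny>"
```

Running the checker against an ACL number that has no entries shows the implicit deny directly, which is the case that bites when a list is referenced by ip access-group before its entries exist.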