Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Page 52

Brocade Virtual ADX Security Guide

53-1003250-01

Modifying ACLs

no access-list 1

no access-list 101

When you load the ACL list into the device, the software adds the ACL entries in the file after
any entries that already exist in the same ACLs. Thus, if you intend to entirely replace an ACL,
you must use the no access-list num command to clear the entries from the ACL before the
new ones are added.

3. Place the commands to create the ACL entries into the file. The order of the separate ACLs

does not matter, but the order of the entries within each ACL is important. The software applies
the entries in an ACL in the order they are listed within the ACL. Here is an example of some
ACL entries.

access-list 1 deny host 10.157.22.26 log

access-list 1 deny 10.157.22.0 0.0.0.255 log

access-list 1 permit any

access-list 101 deny tcp any any eq http log

The software will apply the entries in ACL 1 in the order shown and stop at the first match.
Thus, if a packet is denied by one of the first three entries, the packet will not be permitted by
the fourth entry, even if the packet matches the comparison values in this entry.

4. Enter the command end on a separate line at the end of the file. This command indicates to

the software that the entire ACL list has been read from the file.

5. Save the text file.

6. On the Brocade Virtual ADX device, enter the following command at the Privileged EXEC level

of the CLI.

copy tftp running-config tftp-ip-addr filename

NOTE

This command will be unsuccessful if you place any commands other than access-list and end
(at the end only) in the file. These are the only commands that are valid in a file you load using
the copy tftp running-config… command.

7. To save the changes to the device’s startup-config file, enter the following command at the

Privileged EXEC level of the CLI.

write memory

Here is a complete example of an ACL configuration file.