beautypg.com

Configuring standard numbered acls, Standard acl syntax – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

Page 69

background image

ServerIron ADX Security Guide

55

53-1002440-03

Configuring numbered and named ACLs

2

Configuring standard numbered ACLs

This section describes how to configure standard numbered ACLs with numeric IDs:

For configuration information on named ACLs, refer to

“Configuring standard or extended

named ACLs”

on page 62.

For configuration information on extended ACLs, refer to

“Configuring extended numbered

ACLs”

on page 56.

Standard ACLs permit or deny packets based on source IP address. You can configure up to 99
standard ACLs. There is no limit to the number of ACL entries an ACL can contain except for the
system-wide limitation. For the number of ACL entries supported on a device, refer to

“ACL IDs and

entries”

on page 52.

To configure a standard ACL and apply it to outgoing traffic on port 1/1, enter the following
commands.

ServerIronADX(config)# access-list 1 deny host 209.157.22.26

ServerIronADX(config)# access-list 1 deny 209.157.29.12

ServerIronADX(config)# access-list 1 deny host IPHost1

ServerIronADX(config)# access-list 1 permit any

ServerIronADX(config)# int eth 1/1

ServerIronADX(config-if-1/1)# ip access-group 1 in

ServerIronADX(config)# write memory

The commands in this example configure an ACL to deny packets from three source IP addresses
from being forwarded on port 1/1. The last ACL entry in this ACL permits all packets that are not
explicitly denied by the first three ACL entries.

Standard ACL syntax

Syntax: [no] access-list deny | permit |

or

Syntax: [no] access-list deny | permit / |

Syntax: [no] access-list deny | permit host |

Syntax: [no] access-list deny | permit any

Syntax: [no] ip access-group in | out

The parameter is the access list number and can be from 1 – 99.

The deny | permit parameter indicates whether packets that match a policy in the access list are
denied (dropped) or permitted (forwarded).

The parameter specifies the source IP address. Alternatively, you can specify the host
name.

NOTE

To specify the host name instead of the IP address, the host name must be configured using the
Brocade device’s DNS resolver. To configure the DNS resolver name, use the ip dns server-address…
command at the global CONFIG level of the CLI.

See also other documents in the category Brocade Communications Systems Home Theater Systems: