beautypg.com

Creating an ip filter policy, Cloning an ip filter policy, Displaying an ip filter policy – Dell POWEREDGE M1000E User Manual

Page 218: Saving an ip filter policy

background image

218

Fabric OS Administrator’s Guide

53-1002745-02

IP Filter policy

7

Virtual Fabrics considerations: Each logical switch cannot have its own different IP Filter policies. IP
Filter policies are treated as a chassis-wide configuration and are common for all the logical
switches in the chassis.

Creating an IP Filter policy

You can create an IP Filter policy specifying any name and using type IPv4 or IPv6. The policy
created is stored in a temporary buffer, and is lost if the current command session logs out. The
policy name is a unique string composed of a maximum of 20 alpha, numeric, and underscore
characters. The names default_ipv4 and default_ipv6 are reserved for default IP filter policies. The
policy name is case-insensitive and always stored as lowercase. The policy type identifies the policy
as an IPv4 or IPv6 filter. There can be a maximum of six IP Filter policies.

1. Log in to the switch using an account with admin permissions, or an account associated with

the chassis role and having OM permissions for the IPfilter RBAC class of commands.

2. Enter in the ipFilter --create command.

Cloning an IP Filter policy

You can create an IP Filter policy as an exact copy of an existing policy. The policy created is stored
in a temporary buffer and has the same type and rules as the existing defined or active policy.

1. Log in to the switch using an account with admin permissions, or an account associated with

the chassis role and having OM permissions for the IPfilter RBAC class of commands.

2. Enter the ipFilter

--

clone command.

Displaying an IP Filter policy

You can display the IP Filter policy content for the specified policy name, or all IP Filter policies if a
policy name is not specified.

For each IP Filter policy, the policy name, type, persistent state and policy rules are displayed. The
policy rules are listed by the rule number in ascending order. There is no pagination stop for
multiple screens of information. Pipe the output to the |more command to achieve this.

If a temporary buffer exists for an IP Filter policy, the

--

show subcommand displays the content in

the temporary buffer, with the persistent state set to no.

1. Log in to the switch using an account with admin permissions, or an account associated with

the chassis role and having the O permission for the IPfilter RBAC class of commands.

2. Enter the ipFilter

–-

show command.

Saving an IP Filter policy

You can save one or all IP Filter policies persistently in the defined configuration. The policy name is
optional for this subcommand. If the policy name is given, the IP Filter policy in the temporary
buffer is saved; if the policy name is not given, all IP Filter policies in the temporary buffer are
saved. Only the CLI session that owns the updated temporary buffer may run this command.
Modification to an active policy cannot be saved without being applied. Hence, the

--

save

subcommand is blocked for the active policies. Use

--

activate instead.