Acl editing and sequence numbers, Upgrade and downgrade considerations – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 192

Advertising
background image

174

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Configuring an IPv6 Access Control List

4

Remove the IPv6 outbound ACL from a VPLS, VLL, or VLL-local endpoint before removing the
port from the VPLS, VLL, or VLL-local instance or corresponding VLAN.

Remove the IPv6 outbound ACL from a VPLS, VLL, or VLL-local endpoint before deleting the
VPLS, VLL, or VLL-local instance or corresponding VLAN.

If the VPLS, VLL, or VLL-local endpoint is a LAG port, you must first remove the IPv6 outbound
ACL from the primary LAG port before deleting the LAG. This restriction is applicable even if you
attempt to delete the lag using force keyword.

If a VLL or VLL-local endpoint is a LAG port with an IPv6 outbound ACL, you must first remove
the IPv6 outbound ACL from the primary LAG port before dynamically removing a port from the
LAG.

Ensure that no VPLS, VLL, or VLL-local endpoint exists with an IPv6 outbound ACL before
entering the command: no router mpls.

This chapter contains the following sections:

“Using IPv6 ACLs as input to other features”

“Configuring an IPv6 ACL”

“Applying an IPv6 ACL”

“Adding a comment to an IPv6 ACL entry”

ACL editing and sequence numbers

Multi-Service IronWare R05.6.00 supports ACL editing and ACL entry sequence numbers for
Layer-2, IPv4 and IPv6 ACLs. This chapter describes the ACL editing feature applied to IPv6 ACLs.
Refer to

Appendix A, “ACL Editing and Sequence Numbers”

for a functional description of the ACL

editor as it applies to Layer-2, IPv4 and IPv6 ACLs.

Upgrade and downgrade considerations

Multi-Service IronWare R05.6.00 supports ACL entry sequence numbers for Layer-2, IPv4 and IPv6
ACLs. Where ACL filters have been configured on R05.6.00 and you want to downgrade a device to
an earlier version of software, you should enable suppress-acl-seq prior to the downgrade.

NOTE

If suppress-acl-seq is not enabled before downgrade from Multi-Service IronWare R05.6.00, ACL
configurations created with the sequence parameter on R05.6.00 will not be allowed on older
releases and will result in an error.

By default, the suppress-acl-seq switch is OFF. When it is turned ON, the system:

Hides or suppresses sequence numbers for ACL filters while:

Executing show access-list commands

Displaying the running-config

Saving the running-config using write memory

Copying the running-config to a tftp server

Hides all unused IPv6 remark-entry configuration statements when running-config is displayed
or stored.

Shows all used IPv6 remark-entry configuration statements as remark statements when
running-config is displayed or stored.

Advertising
Popular Brands
Popular manuals