Configuration example for extended named acls, Preserving user input for acl tcp/udp port numbers – Brocade TurboIron 24X Series Configuration Guide User Manual



Brocade TurboIron 24X Series Configuration Guide


53-1003053-01


You can enable logging on ACLs and filters that support logging even when the ACLs and filters
are already in use. To do so, re-enter the ACL or filter command and add the log parameter to
the end of the ACL or filter. The software replaces the ACL or filter command with the new one.
The new ACL or filter, with logging enabled, takes effect immediately.

The traffic-policy option enables the device to rate limit inbound traffic and to count the packets
and bytes per packet to which ACL permit or deny clauses are applied. For configuration
procedures and examples, refer to the chapter “About traffic policies” on page 929.

Configuration example for extended named ACLs

To configure an extended named ACL, enter commands such as the following.

TurboIron(config)#ip access-list extended "block Telnet"
TurboIron(config-ext-nACL)#deny tcp host 10.157.22.26 any eq telnet log
TurboIron(config-ext-nACL)#permit ip any any
TurboIron(config-ext-nACL)#exit
TurboIron(config)#int eth 1
TurboIron(config-if-1)#ip access-group "block Telnet" in

The options at the ACL configuration level and the syntax for the ip access-group command are the
same for numbered and named ACLs and are described in “Configuring extended numbered ACLs”
on page 905.

Preserving user input for ACL TCP/UDP port numbers

ACL implementations automatically display the TCP/UDP port name instead of the port number,
regardless of user preference. This feature preserves the user input (name or number) and
displays the port name or the port number exactly as it was entered.

A new command has been added to enable this feature.

TurboIron(config)#ip preserve-ACL-user-input-format

Syntax: ip preserve-ACL-user-input-format

The following example shows how this feature works for a TCP port (it works the same way for
UDP ports). In this example, the user identifies the TCP port by number (80) when configuring
ACL group 140. However, show ip access-lists 140 reverts to the port name for that TCP port
(http in this example). After the user issues the new ip preserve-ACL-user-input-format
command, show ip access-lists 140 displays either the TCP port number or the port name,
depending on how the user entered it.

TurboIron(config)#access-list 140 permit tcp any any eq 80
TurboIron(config)#access-list 140 permit tcp any any eq ftp
TurboIron#show ip access-lists 140
Extended IP access list 140
permit tcp any any eq http
permit tcp any any eq ftp
TurboIron(config)#ip preserve-ACL-user-input-format
TurboIron#show ip access-lists 140
Extended IP access list 140
permit tcp any any eq 80
permit tcp any any eq ftp
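The port-name substitution shown above matters for anyone comparing ACLs between devices or against an intended policy: "eq 80" and "eq http" are the same clause, and a text diff of show output will disagree with the running policy if one box has ip preserve-ACL-user-input-format set and the other does not. The following Python script is an added example, not Brocade code and not part of this guide. It parses ACL entries in the form shown on this page (both the numbered list 140 and the named "block Telnet" list), normalises a constructed subset of well-known TCP/UDP port names to numbers so that entries compare equal regardless of display form, evaluates constructed packets against a list using first-match order with the implicit deny at the end, and lists deny clauses that lack the log keyword (which, per the logging paragraph above, is what you would re-enter the clause to add). The port-name table, the sample packets and all helper names are assumptions of this example.

```python
"""Added example (not Brocade's code): normalise and evaluate ACL entries
as displayed by `show ip access-lists` on this page. Port-name table,
sample lists and packets are constructed for the example."""
import ipaddress
import re

# Constructed subset of the well-known names the CLI substitutes for numbers.
PORT_NAMES = {"ftp": 21, "ssh": 22, "telnet": 23, "dns": 53, "http": 80,
              "snmp": 161, "https": 443}

# permit|deny  ip|tcp|udp  <src>  <dst>  [eq <port>]  [log]
ENTRY_RE = re.compile(
    r"^(?P<action>permit|deny)\s+(?P<proto>ip|tcp|udp)\s+"
    r"(?P<src>any|host \S+|\S+ \S+)\s+(?P<dst>any|host \S+|\S+ \S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?(?P<log>\s+log)?\s*$"
)


def port_number(token):
    """Return the numeric port for either a name ('http') or a number ('80')."""
    if token.isdigit():
        return int(token)
    return PORT_NAMES[token.lower()]


def parse_addr(spec):
    """'any' -> None; 'host A.B.C.D' or 'A.B.C.D WILDCARD' -> (network, mask)."""
    if spec == "any":
        return None
    parts = spec.split()
    if parts[0] == "host":
        return int(ipaddress.IPv4Address(parts[1])), 0xFFFFFFFF
    wildcard = int(ipaddress.IPv4Address(parts[1]))
    mask = ~wildcard & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(parts[0])) & mask, mask


def parse_entry(line):
    """Parse one ACL clause into a dict with the port already normalised."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsed ACL entry: {line!r}")
    return {
        "action": m["action"], "proto": m["proto"],
        "src": parse_addr(m["src"]), "dst": parse_addr(m["dst"]),
        "dport": port_number(m["port"]) if m["port"] else None,
        "log": m["log"] is not None,
    }


def same_policy(lines_a, lines_b):
    """True when two displays describe the same clauses (names vs numbers aside)."""
    return [parse_entry(x) for x in lines_a] == [parse_entry(x) for x in lines_b]


def addr_matches(rule, ip):
    if rule is None:  # 'any'
        return True
    net, mask = rule
    return (int(ipaddress.IPv4Address(ip)) & mask) == net


def evaluate(entries, pkt):
    """First matching clause wins; no match is the implicit deny, which is not logged."""
    for e in entries:
        if e["proto"] != "ip" and e["proto"] != pkt["proto"]:
            continue
        if not addr_matches(e["src"], pkt["src"]) or not addr_matches(e["dst"], pkt["dst"]):
            continue
        if e["dport"] is not None and e["dport"] != pkt["dport"]:
            continue
        return e["action"], e["log"]
    return "deny", False


def unlogged_denies(entries):
    """Positions of deny clauses without 'log'; these never produce a syslog record."""
    return [i for i, e in enumerate(entries) if e["action"] == "deny" and not e["log"]]


# Constructed samples: list 140 as typed (number) and as echoed by the CLI (name),
# and the named list from this page.
TYPED = ["permit tcp any any eq 80", "permit tcp any any eq ftp"]
SHOWN = ["permit tcp any any eq http", "permit tcp any any eq ftp"]
BLOCK_TELNET = ["deny tcp host 10.157.22.26 any eq telnet log", "permit ip any any"]

if __name__ == "__main__":
    print("list 140 typed == shown:", same_policy(TYPED, SHOWN))
    rules = [parse_entry(x) for x in BLOCK_TELNET]
    pkt = {"proto": "tcp", "src": "10.157.22.26", "dst": "10.0.0.1", "dport": 23}
    print("telnet from 10.157.22.26:", evaluate(rules, pkt))
    print("deny clauses lacking log:", unlogged_denies(rules))
```

Feed it the lines of a show ip access-lists dump (one clause per line) to compare two devices' lists clause by clause, or to confirm that the clause you expect to deny a flow is the one that actually matches first and that it carries log.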
