Access-list – Brocade Mobility RFS7000-GR Controller CLI Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual
53-1001945-01
Global Configuration Commands
access-list
Use this command to add an access list entry. Use the access list command under global
configuration to configure the access list mechanism for filtering frames by protocol type or vendor
code.
Syntax
For Standard IP ACLs:
access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0-7> | tos <0-255>))(A.B.C.D/M | host A.B.C.D | any)(log) (rule-precedence <1-5000>)
For Extended IP ACLs:
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {ip} {source/source-mask | host source | any } {destination/destination-mask | host destination | any } [log] [rule-precedence access-list-entry precedence]
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {icmp} {source/source-mask | host source | any} {destination/destination-mask | host destination | any} [icmp-type | [icmp-type icmp-code]] [log] [rule-precedence access-list-entry precedence]
access-list (<100-199>|<2000-2699>) {deny | permit | mark {dot1p <0-7> | tos <0-255>}} {tcp|udp} {source/source-mask | host source | any} [operator source-port] {destination/destination-mask | host destination | any} [operator destination-port] [log] [rule-precedence access-list-entry precedence]
Parameters
access-list (<1-99>|<1300-1999>) (deny|permit|mark (8021p <0-7> | dscp <0-63> | tos <0-255>)) (A.B.C.D/M | host A.B.C.D | any)(log) (rule-precedence <1-5000>)
Adds a standard access list entry.
• (<1-99>|<1300-1999>) – Access numbers from 1 to 99 or 1300 to 1999.
• (deny|permit|mark) – Defines the action types on an ACL. The action type mark is functional only over a Port ACL.
• 8021p <0-7> – Used only with the action type mark to specify 8021p priority values.
• dscp <0-63> – Used only with the action type mark to modify DSCP TOS bits in the IP header for the DSCP codepoint value <0-63>.
• tos <0-255> – Used only with the action type mark to specify type of service (tos) values.
• (A.B.C.D/M | host A.B.C.D | any) – Source is the source address of the network or host in dotted decimal. Source-mask is the network mask. For example, 10.1.1.10/24 indicates the first 24 bits of the source IP are used for matching.
• The keyword any is an abbreviation for a source IP of 0.0.0.0 and source-mask bits equal to 0.
• The keyword host is an abbreviation for exact source (A.B.C.D) and source-mask bits equal to 32.
• log – Generates log messages when the packet coming from the interface matches the ACL entry. Log messages are generated only for router ACLs.
• (rule-precedence <1-5000>) – Integer value between 1-5000. This value sets the rule precedence in the ACL.
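The standard IP ACL entry format above, as an added example that is not part of the Brocade guide: a small Python parser that range-checks each field and shows how any, host and A.B.C.D/M resolve to a source match. The function names are hypothetical, and treating log and rule-precedence as optional (as the extended syntax brackets them) is an assumption of this example.

```python
import ipaddress
import re

# Grammar follows the standard IP ACL syntax on this page; the parser is illustrative.
# Assumption: log and rule-precedence are optional, as in the extended syntax.
ENTRY = re.compile(
    r"^access-list\s+(?P<num>\d+)\s+"
    r"(?P<action>deny|permit|mark\s+(?P<mk>8021p|dscp|tos)\s+(?P<mv>\d+))\s+"
    r"(?P<src>any|host\s+\S+|\S+/\d+)"
    r"(?P<log>\s+log)?"
    r"(?:\s+rule-precedence\s+(?P<prec>\d+))?$"
)
MARK_MAX = {"8021p": 7, "dscp": 63, "tos": 255}  # upper bounds listed under Parameters


def parse_standard_entry(line):
    """Parse one standard IP ACL entry; raise ValueError on any out-of-range field."""
    m = ENTRY.match(line.strip())
    if not m:
        raise ValueError("not a standard IP ACL entry: %r" % line)
    num = int(m["num"])
    prec = int(m["prec"]) if m["prec"] else None
    if not (1 <= num <= 99 or 1300 <= num <= 1999):
        raise ValueError("standard ACL number must be 1-99 or 1300-1999")
    if prec is not None and not 1 <= prec <= 5000:
        raise ValueError("rule-precedence must be 1-5000")
    if m["mk"] and int(m["mv"]) > MARK_MAX[m["mk"]]:
        raise ValueError("%s value out of range" % m["mk"])
    src = m["src"]
    if src == "any":                  # any = 0.0.0.0 with 0 mask bits
        net = ipaddress.ip_network("0.0.0.0/0")
    elif src.startswith("host"):      # host = exact address, 32 mask bits
        net = ipaddress.ip_network(src.split()[1] + "/32")
    else:                             # A.B.C.D/M: only the first M bits are compared
        net = ipaddress.ip_network(src, strict=False)
    return {"acl": num, "action": m["action"].split()[0], "source": net,
            "log": bool(m["log"]), "precedence": prec}


def source_matches(entry, packet_src):
    """True when the packet's source address falls inside the entry's source network."""
    return ipaddress.ip_address(packet_src) in entry["source"]
```

Running candidate entries through a check like this before pasting them into the controller catches an extended-range number (100-199) used in a standard entry, or a /24 that covers more hosts than intended.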