Brocade Mobility RFS7000-GR Controller CLI Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual
53-1001945-01
Chapter 5: Global Configuration Commands
NOTE
To create a named ACL, use ip access-list (Standard/Extended). For more details check .
Using access-list [<100-199>|<2000-2699>] moves to the (config-ext-nacl) instance. For additional information, see Extended ACL Instance on page 351.
Using access-list [<1-99>|<1300-1999>] moves to the (config-std-nacl) instance. For additional information, see Standard ACL Instance on page 373.
Usage Guidelines
Use an access list command under global configuration to create an access list. The switch supports port, router and WLAN ACLs.
• When the access list is applied on an Ethernet port, it becomes a port ACL.
• When the access list is applied on a VLAN interface, it becomes a router ACL.
• When the access list is applied on a WLAN index, it becomes a WLAN ACL.
A MAC access list that allows ARP is mandatory for both port and WLAN ACLs. For more
information on how to configure a MAC access list, see
Example
The example below creates a standard access list (ACL) to permit traffic coming to the interface.
RFS7000(config)#access-list 1 permit any
RFS7000(config)#
The example below creates an extended IP access list to permit IP traffic between two networks.
RFS7000(config)#access-list 101 permit ip 192.168.1.0/24 192.168.2.0/24
RFS7000(config)#
The example below creates an extended access list to permit TCP traffic between two networks, with a destination port range between 20 and 23.
RFS7000(config)#access-list 101 permit tcp 192.168.1.0/24 192.168.2.0/24 range 20 23
RFS7000(config)#
The example below denies ICMP traffic from any source to any destination and permits all other IP traffic.
RFS7000(config)#access-list 115 deny icmp any any
RFS7000(config)#access-list 115 permit ip any any
RFS7000(config)#
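The number ranges and example rules above can be checked mechanically when reviewing a saved configuration. The following Python script is an added example, not part of the Brocade guide: it maps each numbered ACL to its CLI instance and flags unrestricted permits and port ranges that cover cleartext services. The function names, the cleartext-port list and the sample text are assumptions made for illustration.

```python
import re

# Number ranges from the NOTE above: they select the ACL instance the CLI enters.
STANDARD = [(1, 99), (1300, 1999)]
EXTENDED = [(100, 199), (2000, 2699)]
# Well-known cleartext services to call out in a review (assumed list, not from the guide).
CLEARTEXT = {20: "ftp-data", 21: "ftp", 23: "telnet"}

def acl_instance(number):
    """Return the CLI instance for a numbered ACL, or None if the number is out of range."""
    if any(lo <= number <= hi for lo, hi in STANDARD):
        return "config-std-nacl"
    if any(lo <= number <= hi for lo, hi in EXTENDED):
        return "config-ext-nacl"
    return None

def audit(config_text):
    """Parse 'access-list' lines and return a list of (acl_number, finding) tuples."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[-1].strip()  # drop a leading 'RFS7000(config)#' prompt
        m = re.match(r"access-list\s+(\d+)\s+(permit|deny)\s+(.*)$", line)
        if not m:
            continue
        number, action, rest = int(m.group(1)), m.group(2), m.group(3).split()
        if acl_instance(number) is None:
            findings.append((number, "number outside standard/extended ranges"))
            continue
        if action != "permit":
            continue
        # 'permit any' (standard) or 'permit <proto> any any' (extended)
        if rest == ["any"] or rest[1:] == ["any", "any"]:
            findings.append((number, "unrestricted permit: " + " ".join(rest)))
        if "range" in rest[:-2]:  # 'range <low> <high>' needs two tokens after it
            i = rest.index("range")
            if rest[i + 1].isdigit() and rest[i + 2].isdigit():
                lo, hi = int(rest[i + 1]), int(rest[i + 2])
                hit = [name for port, name in sorted(CLEARTEXT.items()) if lo <= port <= hi]
                if hit:
                    findings.append((number, "port range %d-%d includes %s" % (lo, hi, ", ".join(hit))))
    return findings

# Constructed sample: the example commands from this page, one command per line.
SAMPLE = """RFS7000(config)#access-list 1 permit any
RFS7000(config)#access-list 101 permit ip 192.168.1.0/24 192.168.2.0/24
RFS7000(config)#access-list 101 permit tcp 192.168.1.0/24 192.168.2.0/24 range 20 23
RFS7000(config)#access-list 115 deny icmp any any
RFS7000(config)#access-list 115 permit ip any any
"""

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print("ACL %d: %s" % (number, finding))
```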