Configuring numbered and named acls, Configuring standard numbered acls, Support for up to 4096 acl entries – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Security Guide, 53-1003250-01 (page 27, chapter 2): Configuring numbered and named ACLs

Support for up to 4096 ACL entries

You can configure up to 4096 ACL entries on devices that have enough space to hold a
startup-config file that contains the ACLs.

To raise the limit to the maximum of 4096 ACL rules, complete the following steps:

1. Set the system-max ip-filter-sys command to 4096:

   Virtual ADX (config)#system-max ip-filter-sys 4096

2. Execute the write memory command to save the running configuration to the startup-config.

3. Reload the Brocade Virtual ADX.

Configuring numbered and named ACLs

When you configure ACLs, you can refer to the ACL by a numeric ID or by an alphanumeric name.
The commands to configure numbered ACLs are different from the commands for named ACLs:

If you refer to the ACL by a numeric ID, you can use 1 – 99 for a standard ACL or 100 – 199 for
an extended ACL. This document refers to this ACL as numbered ACL.

If you refer to the ACL by a name, you specify whether the ACL is a standard ACL or an extended
ACL, then specify the name. This document refers to this ACL type as named ACL.

You can configure up to 100 standard numbered IP ACLs and 100 extended numbered IP ACLs. You
can also configure up to 100 standard named ACLs and 100 extended named ACLs by number.
Regardless of how many ACLs you have, the device can have a maximum of 4096 ACL entries,
associated with the ACLs in any combination.

Configuring standard numbered ACLs

This section describes how to configure standard ACLs with numeric IDs.

For configuration information on named ACLs, refer to “Configuring standard or extended named ACLs” on page 34.

For configuration information on extended ACLs, refer to “Configuring extended numbered ACLs” on page 29.

Standard ACLs permit or deny packets based on source IP address. You can configure up to 99
standard ACLs. There is no limit to the number of ACL entries an ACL can contain except for the
system-wide limitation. For the number of ACL entries supported on a device, refer to “ACL IDs and
entries” on page 26.

To configure a standard ACL and apply it to incoming traffic on port 1/1, enter the following
commands.

Virtual ADX (config)#access-list 1 deny host 10.157.22.26
Virtual ADX (config)#access-list 1 deny 10.157.29.12
Virtual ADX (config)#access-list 1 deny host IPHost1
Virtual ADX (config)#access-list 1 permit any
Virtual ADX (config)#int eth 1/1
Virtual ADX (config-if-1/1)#ip access-group 1 in
Virtual ADX (config)#write memory
