Configuring standard or extended named ACLs – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Security Guide, 53-1003250-01, page 34

Configuring numbered and named ACLs

min-monetary-cost or 1 – The ACL matches packets that have the minimum monetary cost ToS. The decimal value for this option is 10.

NOTE

This value is not supported on 10 Gigabit Ethernet modules.

normal or 0 – The ACL matches packets that have the normal ToS. The decimal value for this option is 0.

num – A number from 0 – 15 that is the sum of the numeric values of the options you want. The ToS field is a four-bit field following the Precedence field in the IP header. You can specify one or more of these options. To select more than one option, enter the decimal value that is equivalent to the sum of the numeric values of all the ToS options you want to select. For example, to select the max-reliability and min-delay options, enter the number 10. To select all options, enter 15.

The ip-pkt-len value parameter filters ICMP packets based on the IP packet length. The device uses the value to match the Total Length field in the IP header of ICMP packets. You can specify a value from 1 – 65535.

NOTE

This parameter applies only if you specified icmp as the ip-protocol value.
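The two parameters above, the four-bit ToS num and the ICMP-only ip-pkt-len check, are easy to get wrong when writing or auditing an ACL, so the following added example (not part of the guide, and not Brocade code) emulates how an entry would be evaluated against a constructed IPv4 header. It assumes the RFC 1349 layout of the ToS byte (3 precedence bits, 4 ToS bits, 1 unused bit), assumes the keyword values max-reliability = 2 and min-delay = 8 (consistent with the guide's own example, 2 + 8 = 10) and min-monetary-cost = 1 (its keyword value), and assumes the ACL compares the ToS nibble for exact equality. The packet header, the entry dictionaries and the helper names are all constructed for the example.

```python
import struct

# Keyword -> decimal value of the four ToS bits. normal (0) and the
# min-monetary-cost keyword (1) are on the page; max-throughput (4),
# max-reliability (2) and min-delay (8) are ASSUMED from the page's
# example (max-reliability + min-delay = 10) and RFC 1349.
TOS_OPTIONS = {
    "min-delay": 8,
    "max-throughput": 4,
    "max-reliability": 2,
    "min-monetary-cost": 1,
}

ICMP = 1  # IP protocol number for ICMP


def tos_num(*options):
    """Sum the selected option values into the 0-15 'num' the ACL accepts."""
    if not options or options == ("normal",):
        return 0
    total = 0
    for opt in options:
        if opt not in TOS_OPTIONS:
            raise ValueError(f"unknown ToS option {opt!r}")
        total |= TOS_OPTIONS[opt]
    return total


def tos_options(num):
    """Decode a 0-15 num back into the keywords it selects (audit helper)."""
    if not 0 <= num <= 15:
        raise ValueError("num must be 0-15")
    if num == 0:
        return ["normal"]
    return [name for name, bit in TOS_OPTIONS.items() if num & bit]


def build_ipv4_header(total_length, protocol, tos_nibble, precedence=0):
    """Constructed 20-byte IPv4 header (no options), sample data only."""
    ver_ihl = (4 << 4) | 5
    # ASSUMED byte layout (RFC 1349): precedence<<5 | tos<<1 | unused bit.
    tos_byte = (precedence << 5) | (tos_nibble << 1)
    return struct.pack(
        "!BBHHHBBH4s4s",
        ver_ihl, tos_byte, total_length,
        0, 0,               # identification, flags/fragment offset
        64, protocol, 0,    # TTL, protocol, checksum (left zero)
        bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]),
    )


def parse_ipv4_header(data):
    """Extract the fields the ACL checks: protocol, Total Length, ToS nibble."""
    (_, tos_byte, total_length, _, _, _, protocol, _, _, _) = struct.unpack(
        "!BBHHHBBH4s4s", data[:20])
    return {
        "protocol": protocol,
        "total_length": total_length,
        "precedence": tos_byte >> 5,
        "tos": (tos_byte >> 1) & 0xF,
    }


def acl_entry_matches(entry, header):
    """Emulate the tos and ip-pkt-len checks of one ACL entry.

    entry keys: ip_protocol (required), tos (optional num), ip_pkt_len
    (optional). As the guide states, ip-pkt-len applies only when the
    protocol is icmp; for other protocols it is ignored here.
    """
    if entry["ip_protocol"] != header["protocol"]:
        return False
    if "tos" in entry and header["tos"] != entry["tos"]:
        return False
    if entry["ip_protocol"] == ICMP and "ip_pkt_len" in entry:
        if not 1 <= entry["ip_pkt_len"] <= 65535:
            raise ValueError("ip-pkt-len must be 1-65535")
        if header["total_length"] != entry["ip_pkt_len"]:
            return False
    return True


if __name__ == "__main__":
    # Constructed ICMP packet: Total Length 84, ToS max-reliability+min-delay.
    pkt = parse_ipv4_header(build_ipv4_header(84, ICMP, tos_num("max-reliability", "min-delay")))
    entry = {"ip_protocol": ICMP, "tos": 10, "ip_pkt_len": 84}
    print("tos num:", pkt["tos"], tos_options(pkt["tos"]))
    print("entry matches:", acl_entry_matches(entry, pkt))
```

Running the module decodes the constructed packet's ToS nibble back to its keywords and reports whether the entry matches; changing the packet's Total Length or protocol shows how the ip-pkt-len check is applied only to ICMP.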

The log parameter enables SNMP traps and Syslog messages for packets denied by the ACL.

You can enable logging on ACLs and filters that support logging even when the ACLs and filters are already in use. To do so, re-enter the ACL or filter command and add the log parameter to the end of the ACL or filter. The software replaces the ACL or filter command with the new one. The new ACL or filter, with logging enabled, takes effect immediately.

Configuring standard or extended named ACLs

To configure a named IP ACL, use the following CLI method.

The commands for configuring named ACL entries are different from the commands for configuring numbered ACL entries. The command to configure a numbered ACL is access-list. The command for configuring a named ACL is ip access-list. In addition, when you configure a numbered ACL entry, you specify all the command parameters on the same command. When you configure a named ACL, you specify the ACL type (standard or extended) and the ACL number with one command, which places you in the configuration level for that ACL. Once you enter the configuration level for the ACL, the command syntax is the same as the syntax for numbered ACLs.

The following examples show how to configure a named standard ACL entry and a named extended ACL entry.

Configuration example for standard ACL
To configure a named standard ACL entry, enter commands such as the following.
