Displaying ACL bindings, Troubleshooting rule-based ACLs – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual


ServerIron ADX Security Guide

83

53-1002440-03


ServerIronADX(config)# ip strict-acl-tcp
ServerIronADX(config)# access-list 1 permit 10.10.200.0 0.0.0.255
ServerIronADX(config)# access-list 2 deny 209.157.2.184

The following commands configure global NAT parameters.

ServerIronADX(config)# ip nat inside source list 1 pool outadds overload
ServerIronADX(config)# ip nat pool outadds 204.168.2.1 204.168.2.254 netmask 255.255.255.0

The following commands configure the inside and outside NAT interfaces. Notice that both ACLs are
applied to the inside NAT interface, ACL 1 in the inbound direction and ACL 2 in the outbound
direction, and that they are applied before NAT is enabled on that interface. In this example, ACL 1
permits traffic from the private subnet 10.10.200.0/24 to enter the inside interface; the same list
also selects the source addresses that the ip nat inside source command above translates. Because
every ACL ends with an implicit deny, inbound traffic from any other source address is dropped.
ACL 2 denies traffic from the host 209.157.2.184 from going out the inside interface toward the
private subnet.

ServerIronADX(config)# interface ethernet 1/1
ServerIronADX(config-if-1/1)# ip address 10.10.200.1 255.255.255.0
ServerIronADX(config-if-1/1)# ip access-group 1 in
ServerIronADX(config-if-1/1)# ip access-group 2 out
ServerIronADX(config-if-1/1)# ip nat inside
ServerIronADX(config-if-1/1)# interface ethernet 2/2
ServerIronADX(config-if-2/2)# ip address 204.168.2.78 255.255.255.0
ServerIronADX(config-if-2/2)# ip nat outside

NOTE

Enter the ip rebind-acl command at the global CONFIG level of the CLI to place the ip strict-acl-tcp
command into effect.

Displaying ACL bindings

You can display which ACLs (IPv4 and IPv6) are bound to which interfaces, and in which direction,
as shown in the following.

ServerIronADX# show access-list bindings
Access-list binding configuration:
!
interface ethernet 2
ip access-group 2 in
ipv6 traffic-filter acl1 in
!
interface ve 2
ip access-group 111 in
ipv6 traffic-filter acl2 out

Syntax: show access-list bindings
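As an added example that is not part of the Brocade guide, the following Python script parses a show access-list bindings listing of the form shown above together with the access-list and ip nat lines of a running configuration, and cross-checks them the way a reviewer of the NAT example above would: it reports bindings that name an ACL the configuration never defines, an ip nat inside interface that has no inbound IPv4 ACL (the pattern the NAT example relies on), and ACLs that are defined but bound nowhere. The sample configuration and bindings output are constructed from the page's examples, with an unbound ACL 3, an IPv6 ACL acl1 and a ve 2 interface added to exercise each check; the script assumes the device output matches the listing above line for line.

```python
import re

# Constructed sample modelled on the guide's example configuration, with an
# unbound ACL 3 and an IPv6 ACL acl1 added so that every check has something
# to report. Not captured from a real device.
SAMPLE_CONFIG = """\
ip strict-acl-tcp
access-list 1 permit 10.10.200.0 0.0.0.255
access-list 2 deny 209.157.2.184
access-list 3 permit any
ipv6 access-list acl1
ip nat inside source list 1 pool outadds overload
interface ethernet 1/1
 ip access-group 1 in
 ip access-group 2 out
 ip nat inside
interface ethernet 2/2
 ipv6 traffic-filter acl1 in
 ip nat outside
"""

# Constructed sample of 'show access-list bindings' output for the config
# above, plus a 've 2' interface whose bindings reference undefined ACLs.
SAMPLE_BINDINGS = """\
Access-list binding configuration:
!
interface ethernet 1/1
ip access-group 1 in
ip access-group 2 out
!
interface ethernet 2/2
ipv6 traffic-filter acl1 in
!
interface ve 2
ip access-group 111 in
ipv6 traffic-filter acl2 out
"""

INTERFACE_RE = re.compile(r"^interface\s+(.+?)\s*$")
BIND_RE = re.compile(r"^\s*(ip access-group|ipv6 traffic-filter)\s+(\S+)\s+(in|out)\s*$")
IPV4_ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(?:permit|deny)\b")
IPV6_ACL_RE = re.compile(r"^ipv6 access-list\s+(\S+)\s*$")
# Anchored so that the global 'ip nat inside source list ...' line does not
# count as an interface role.
NAT_RE = re.compile(r"^\s*ip nat (inside|outside)\s*$")
SEVERITY = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def parse_bindings(text):
    """Map interface -> [(family, acl, direction)] from 'show access-list
    bindings' output; the same parser also works on a running config."""
    bindings, current = {}, None
    for line in text.splitlines():
        m = INTERFACE_RE.match(line.strip())
        if m:
            current = m.group(1)
            bindings.setdefault(current, [])
            continue
        m = BIND_RE.match(line)
        if m and current is not None:
            family = "ipv4" if m.group(1) == "ip access-group" else "ipv6"
            bindings[current].append((family, m.group(2), m.group(3)))
    return bindings


def parse_config(config):
    """Return (defined ACLs as {(family, name)}, NAT roles as {interface: role})."""
    defined, nat, current = set(), {}, None
    for line in config.splitlines():
        if IPV4_ACL_RE.match(line):
            defined.add(("ipv4", IPV4_ACL_RE.match(line).group(1)))
        elif IPV6_ACL_RE.match(line):
            defined.add(("ipv6", IPV6_ACL_RE.match(line).group(1)))
        elif INTERFACE_RE.match(line.strip()):
            current = INTERFACE_RE.match(line.strip()).group(1)
        elif NAT_RE.match(line) and current is not None:
            nat[current] = NAT_RE.match(line).group(1)
    return defined, nat


def audit(config, bindings_text):
    """Cross-check bindings against ACL definitions and NAT roles; return
    findings as (severity, message) tuples, most severe first."""
    defined, nat = parse_config(config)
    bindings = parse_bindings(bindings_text)
    findings = []
    # A binding that names an ACL the config never defines is a likely typo
    # or leftover; verify on the device what such a binding actually matches.
    for intf, binds in bindings.items():
        for family, acl, direction in binds:
            if (family, acl) not in defined:
                findings.append(("HIGH", f"{intf}: {family} ACL {acl} bound {direction} but not defined"))
    # The guide's pattern filters inbound on the inside NAT interface before
    # NAT; an inside interface with no inbound IPv4 ACL departs from it.
    for intf, role in nat.items():
        has_in = any(f == "ipv4" and d == "in" for f, _, d in bindings.get(intf, []))
        if role == "inside" and not has_in:
            findings.append(("MEDIUM", f"{intf}: ip nat inside but no inbound IPv4 ACL"))
    # Defined-but-unbound ACLs are dead configuration worth cleaning up.
    bound = {(f, a) for binds in bindings.values() for f, a, _ in binds}
    for family, acl in sorted(defined - bound):
        findings.append(("LOW", f"{family} ACL {acl} is defined but not bound to any interface"))
    return sorted(findings, key=lambda f: (SEVERITY[f[0]], f[1]))


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONFIG, SAMPLE_BINDINGS):
        print(f"[{severity}] {message}")
```

Run against the constructed samples the script reports the two undefined ACLs on ve 2 and the unbound ACL 3; feed it the text of show running-config and show access-list bindings captured from a real ServerIron ADX to audit a live device, and remember that after changing ip strict-acl-tcp the bindings only take effect once ip rebind-acl has been entered, as the NOTE above states.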

Troubleshooting rule-based ACLs

Use the following methods to troubleshoot a rule-based ACL:

• To display the number of Layer 4 CAM entries being used by each ACL, enter the
show access-list <acl-num> | <acl-name> | all command. Refer to "Displaying the number of
Layer 4 CAM entries" on page 53.
