Access-list – Brocade Communications Systems RFS6000 User Manual

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Global Configuration commands

access-list

Adds an Access List (ACL) entry. Use the access-list command (under Global Configuration) to
configure the access list mechanism for filtering frames by protocol type or vendor code.

ACLs control access to the network through a set of rules. Each rule specifies an action which is
taken when a packet matches it within the given set of rules. If the action is deny, the packet is
dropped and if the action is permit, the packet is allowed. The controller supports the following
ACLs:

IP Standard ACLs

IP Extended ACLs

MAC Extended ACLs

ACLs are identified by either a number or a name. Numbers are predefined for IP Standard and
Extended ACLs, and the name can be any valid alphanumeric string (not exceeding 64 characters).
With numbered ACLs, the rule parameters have to be specified on the same command line along
with the ACL identifier.

Supported in the following platforms:

Mobility RFS4000 Controller

Mobility RFS6000 Controller

Mobility RFS7000 Controller

Syntax

access-list [<1-99>|<100-199>|<1300-1999>|<2000-2699>]

For Standard IP ACLs:

access-list [<1-99>|<1300-1999>] [deny|permit|mark]

access-list [<1-99>|<1300-1999>] deny [<IP/MASK>|any|host <IP>]
    {[rule-precedence <1-5000>|log {rule-precedence <1-5000>}]}

access-list [<1-99>|<1300-1999>] permit [<IP/MASK>|any|host <IP>]
    {[rule-precedence <1-5000>|log {rule-precedence <1-5000>}]}

access-list [<1-99>|<1300-1999>] mark [8021p <0-7>|dscp <0-63>|tos <0-255>]
    [<IP/MASK>|any|host <IP>]
    {[rule-precedence <1-5000>|log {rule-precedence <1-5000>}]}
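The following is an added example, not part of the Brocade manual: a small Python pre-deployment check that validates numbered Standard IP ACL lines against the ranges in the syntax above before they are pasted into a controller. The names `parse_standard_acl` and `check_config` are hypothetical, the sample lines are constructed, and the form of `<IP/MASK>` (address with prefix length or netmask) is an assumption.

```python
import ipaddress
import re

# Numbered Standard IP ACL line, transcribed from the syntax on this page.
LINE = re.compile(r"""^access-list\s+(?P<acl>\d+)\s+
    (?:(?P<action>deny|permit)|mark\s+(?P<field>8021p|dscp|tos)\s+(?P<value>\d+))\s+
    (?P<source>any|host\s+\S+|\S+/\S+)
    (?P<log>\s+log)?(?:\s+rule-precedence\s+(?P<prec>\d+))?\s*$""", re.X)
MARK_MAX = {"8021p": 7, "dscp": 63, "tos": 255}      # upper bounds from the syntax

def parse_standard_acl(line):
    """Return the parsed rule; raise ValueError if the line is malformed."""
    m = LINE.match(line.strip())
    if not m:
        raise ValueError("does not match the Standard IP ACL syntax")
    acl = int(m["acl"])
    if not (1 <= acl <= 99 or 1300 <= acl <= 1999):
        raise ValueError(f"{acl} is not a Standard IP ACL number")
    if m["field"] and int(m["value"]) > MARK_MAX[m["field"]]:
        raise ValueError(f"{m['field']} must be 0-{MARK_MAX[m['field']]}")
    prec = int(m["prec"]) if m["prec"] else None
    if prec is not None and not 1 <= prec <= 5000:
        raise ValueError("rule-precedence must be 1-5000")
    src = m["source"].split()
    if len(src) == 2:                                # host <IP>
        source = "host " + str(ipaddress.IPv4Address(src[1]))
    elif src[0] == "any":
        source = "any"
    else:                                            # assumption: IP/prefix-length or IP/netmask
        source = str(ipaddress.IPv4Network(src[0], strict=False))
    return {"acl": acl, "action": m["action"] or "mark", "source": source,
            "log": bool(m["log"]), "precedence": prec}

def check_config(lines):
    """Return (line_number, error) for each line that fails validation."""
    errors = []
    for n, line in enumerate(lines, 1):
        try:
            parse_standard_acl(line)
        except ValueError as exc:
            errors.append((n, str(exc)))
    return errors

# Constructed sample lines (RFC 5737 documentation addresses), not from the manual.
SAMPLE = [
    "access-list 10 deny host 192.0.2.15 log rule-precedence 10",
    "access-list 10 mark dscp 46 198.51.100.0/24 rule-precedence 20",
    "access-list 150 permit any",                    # 150 is an Extended IP ACL number
]
```

`check_config(SAMPLE)` reports only the third line, because 150 falls in the Extended IP ACL number range rather than the Standard one.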

For Extended IP ACLs:

access-list [<100-199>|<2000-2699>] [deny|permit|mark] [icmp|ip|tcp|udp]

access-list [<100-199>|<2000-2699>] [deny|permit|mark] icmp
    [<source-IP/Mask>|any|host <IP>] [<dest-IP/Mask>|any|host <IP>]
    {<ICMP-type> {<ICMP-code>}} {log} {rule-precedence <1-5000>}

access-list [<100-199>|<2000-2699>] [deny|permit|mark] ip
    [<source-IP/Mask>|any|host <IP>] [<dest-IP/Mask>|any|host <IP>]
    {log} {rule-precedence <1-5000>}
