Acl configuration and management, Creating a standard mac acl and adding rules – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual
Network OS NETCONF Operations Guide
53-1003231-02
• seq 6 permit tcp any any eq 443
• seq 7 permit udp any any eq 161
• seq 8 permit udp any any eq 111
• seq 9 permit tcp any any eq 123
• seq 10 permit tcp any any range 600 65535
• seq 11 permit udp any any range 600 65535
Refer to the Network OS Administrator’s Guide for an explanation of ACL rules.
ACL configuration and management
NOTE: Issue the <bna-config-cmd> RPC to save your configuration changes.
Two types of MAC ACL exist:
• Standard—Permit and deny traffic according to the source MAC address in the incoming frame. Use standard MAC ACLs if you only need to filter traffic based on source addresses.
• Extended—Permit and deny traffic according to the source and destination MAC addresses in the incoming frame, as well as EtherType.
Creating a standard MAC ACL and adding rules
A MAC ACL does not take effect until it is applied to a Layer 2 interface. Refer to “Applying a MAC ACL to a VLAN interface”.
To create a standard MAC ACL and add rules, perform the following steps.
1. Issue the <edit-config> RPC to configure the <mac> node in the urn:brocade.com:mgmt:brocade-mac-access-list namespace.
2. Under the <mac> node, include the <access-list>/<standard> hierarchy of node elements to create a standard ACL.
3. Under the <standard> node, include the <name> leaf node, and specify the name of the ACL to which you want to create or add rules.
4. Under the <standard> node, specify a <seq> node element for each rule you want to configure.
5. Under each <seq> node, specify the following leaf elements.
   a. In the <seq-id> element, set a sequence number for the rule. The sequence number identifies the rule and determines the order in which rules are applied (lowest <seq-id> first).
   b. In the <action> element, specify “deny” to drop traffic with the source MAC address, “permit” to permit traffic with the source MAC address, or “hard-drop” to force-drop traffic with the source MAC address.
   c. In the <source> element, specify the MAC address from which traffic is permitted or denied.
   d. In the <src-mac-addr-mask> element, specify the MAC address mask to apply to <source>.
For a complete list of <seq> node leaf elements, refer to the brocade-mac-access-list.yang file.
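The following is an added example that builds the <edit-config> payload described in steps 1 through 5, reads it back for inspection, and evaluates a rule list offline; it is not code from the Network OS guide or from Brocade. The namespace, node names and <action> values are the ones given above. Three things are this example's own assumptions: the dotted HHHH.HHHH.HHHH notation for MAC addresses and masks, the rule that an omitted <src-mac-addr-mask> means an exact host match, and the mask semantics used by match_source() (a set mask bit means that bit must match, a clear bit is ignored). The ACL name, sequence numbers and addresses in SAMPLE_RULES are constructed.

```python
"""Build, check and read back the <edit-config> payload for a standard MAC ACL.

Added example, not code from the Network OS NETCONF Operations Guide. The
namespace, node names and <action> values follow steps 1-5 above; the
dotted MAC notation and the mask semantics used by match_source() are this
example's own assumptions."""
import re
import xml.etree.ElementTree as ET

NS = "urn:brocade.com:mgmt:brocade-mac-access-list"   # step 1
NETCONF_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
ACTIONS = ("permit", "deny", "hard-drop")              # step 5b
# Assumption: MAC addresses and masks are written as HHHH.HHHH.HHHH
_MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")


def _q(tag):
    return "{%s}%s" % (NS, tag)


def _mac(value, what):
    value = value.lower()
    if not _MAC_RE.match(value):
        raise ValueError("%s %r is not in HHHH.HHHH.HHHH form" % (what, value))
    return value


def _checked_rules(rules):
    """Validate (seq_id, action, source, mask) tuples and return them lowest
    seq-id first, the order in which the switch applies them (step 5a)."""
    seen, out = set(), []
    for seq_id, action, source, mask in rules:
        if not isinstance(seq_id, int) or seq_id <= 0:
            raise ValueError("seq-id must be a positive integer: %r" % (seq_id,))
        if seq_id in seen:
            raise ValueError("duplicate seq-id %d" % seq_id)
        if action not in ACTIONS:
            raise ValueError("action %r is not one of %s" % (action, ACTIONS))
        seen.add(seq_id)
        out.append((seq_id, action, _mac(source, "source"),
                    None if mask is None else _mac(mask, "mask")))
    return sorted(out, key=lambda r: r[0])


def build_standard_mac_acl(name, rules):
    """Return the <mac> subtree of steps 1-5 as an Element."""
    if not name or not name.strip():
        raise ValueError("ACL name is required (step 3)")
    mac = ET.Element(_q("mac"))
    standard = ET.SubElement(ET.SubElement(mac, _q("access-list")), _q("standard"))
    ET.SubElement(standard, _q("name")).text = name
    for seq_id, action, source, mask in _checked_rules(rules):
        seq = ET.SubElement(standard, _q("seq"))
        ET.SubElement(seq, _q("seq-id")).text = str(seq_id)
        ET.SubElement(seq, _q("action")).text = action
        ET.SubElement(seq, _q("source")).text = source
        if mask is not None:          # no mask: exact host match (assumption)
            ET.SubElement(seq, _q("src-mac-addr-mask")).text = mask
    return mac


def edit_config_rpc(mac, message_id="101"):
    """Wrap the subtree in an <edit-config> RPC against the running datastore."""
    body = ET.tostring(mac, encoding="unicode", default_namespace=NS)
    return ('<rpc message-id="%s" xmlns="%s"><edit-config><target><running/>'
            '</target><config>%s</config></edit-config></rpc>'
            % (message_id, NETCONF_NS, body))


def read_back(rpc_xml):
    """Parse an RPC produced above and return (name, rules) so the payload can
    be compared with what was intended before it is sent."""
    standard = ET.fromstring(rpc_xml).find(".//" + _q("standard"))
    rules = []
    for seq in standard.findall(_q("seq")):
        mask = seq.find(_q("src-mac-addr-mask"))
        rules.append((int(seq.find(_q("seq-id")).text), seq.find(_q("action")).text,
                      seq.find(_q("source")).text, None if mask is None else mask.text))
    return standard.find(_q("name")).text, rules


def match_source(rules, frame_src):
    """Offline first-match evaluation, lowest seq-id first. Assumption (not
    stated on this page): a set mask bit means that bit of the frame's source
    MAC must equal <source>, a clear bit is ignored, and no mask means an
    exact match. Returns the action of the first matching rule, or None when
    nothing matches (the switch's implicit default is not covered here)."""
    frame = int(_mac(frame_src, "frame source").replace(".", ""), 16)
    for _seq_id, action, source, mask in _checked_rules(rules):
        want = int(source.replace(".", ""), 16)
        care = 0xFFFFFFFFFFFF if mask is None else int(mask.replace(".", ""), 16)
        if (frame & care) == (want & care):
            return action
    return None


# Constructed sample: hard-drop one host, permit the rest of its OUI.
SAMPLE_RULES = [
    (20, "permit", "0010.9400.0000", "ffff.ffff.0000"),
    (10, "hard-drop", "0010.9400.00AB", None),
]

if __name__ == "__main__":
    print(edit_config_rpc(build_standard_mac_acl("std-mac-1", SAMPLE_RULES)))
```

The rules are emitted sorted by <seq-id> so the XML reads in the order the switch evaluates it, and match_source() lets you confirm that a lower-numbered hard-drop for a single host takes precedence over a broader permit before anything is pushed to the device. Send the returned string over any NETCONF session, then issue the <bna-config-cmd> RPC to save, and remember that the ACL filters nothing until it is applied to an interface.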