Creating an extended MAC ACL and adding rules – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual

Network OS NETCONF Operations Guide
53-1003231-02
ACL configuration and management
28
6. Issue the <bna-config-cmd> RPC to save the running-config file to the startup-config file.
The following example creates a standard MAC ACL named test_01 and adds two rules to it:
• Rule 100 drops traffic from source MAC address 0011.2222.3333 and maintains a count of packets dropped.
• Rule 1000 allows traffic from source MAC address 0022.1111.2222 and maintains a count of packets allowed.
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="2400" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <mac xmlns="urn:brocade.com:mgmt:brocade-mac-access-list">
        <access-list>
          <standard>
            <name>test_01</name>
            <seq>
              <seq-id>100</seq-id>
              <action>deny</action>
              <source>0011.2222.3333</source>
              <src-mac-addr-mask>ffff.ffff.ffff</src-mac-addr-mask>
              <count/>
            </seq>
            <seq>
              <seq-id>1000</seq-id>
              <action>permit</action>
              <source>0022.1111.2222</source>
              <src-mac-addr-mask>ffff.ffff.ffff</src-mac-addr-mask>
              <count/>
            </seq>
          </standard>
        </access-list>
      </mac>
    </config>
  </edit-config>
</rpc>

<rpc-reply message-id="2400" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ok/>
</rpc-reply>
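
The request above can also be generated rather than typed by hand. The following is an added example, not code from the Brocade guide: it builds the same standard MAC ACL <edit-config> with Python's ElementTree so that every tag is closed, rejects malformed rules before they reach the switch, and checks the reply. The function names, the rule tuple layout, the MAC format check and the restriction to the permit and deny actions shown on this page are assumptions of this example; the 64-character name limit is the one this page states, and transport over a NETCONF session is out of scope.

```python
import re
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
MAC_NS = "urn:brocade.com:mgmt:brocade-mac-access-list"
MAC_RE = re.compile(r"[0-9a-fA-F]{4}(\.[0-9a-fA-F]{4}){2}")

# Rules from the page's example: (seq-id, action, source, mask, count)
PAGE_RULES = [
    (100, "deny", "0011.2222.3333", "ffff.ffff.ffff", True),
    (1000, "permit", "0022.1111.2222", "ffff.ffff.ffff", True),
]


def build_standard_mac_acl(name, rules, message_id):
    """Return the <edit-config> RPC as a string; raise ValueError on bad input."""
    if not 1 <= len(name) <= 64:  # name limit stated on this page
        raise ValueError("ACL name must be 1-64 characters")
    rpc = ET.Element("rpc", {"message-id": str(message_id), "xmlns": NC_NS})
    edit = ET.SubElement(rpc, "edit-config")
    ET.SubElement(ET.SubElement(edit, "target"), "running")
    mac = ET.SubElement(ET.SubElement(edit, "config"), "mac", {"xmlns": MAC_NS})
    std = ET.SubElement(ET.SubElement(mac, "access-list"), "standard")
    ET.SubElement(std, "name").text = name
    seen = set()
    for seq_id, action, source, mask, count in rules:
        if seq_id in seen:
            raise ValueError(f"duplicate seq-id {seq_id}")
        if action not in ("permit", "deny"):  # the two actions this page shows
            raise ValueError(f"seq {seq_id}: unsupported action {action!r}")
        if not (MAC_RE.fullmatch(source) and MAC_RE.fullmatch(mask)):
            raise ValueError(f"seq {seq_id}: MAC and mask must be hhhh.hhhh.hhhh")
        seen.add(seq_id)
        seq = ET.SubElement(std, "seq")
        ET.SubElement(seq, "seq-id").text = str(seq_id)
        ET.SubElement(seq, "action").text = action
        ET.SubElement(seq, "source").text = source
        ET.SubElement(seq, "src-mac-addr-mask").text = mask
        if count:
            ET.SubElement(seq, "count")
    return ET.tostring(rpc, encoding="unicode")  # serializer closes every tag


def reply_is_ok(reply_xml, message_id):
    """True only for a well-formed <rpc-reply> with this message-id and <ok/>."""
    try:
        root = ET.fromstring(reply_xml)
    except ET.ParseError:
        return False
    return (root.tag == f"{{{NC_NS}}}rpc-reply"
            and root.get("message-id") == str(message_id)
            and root.find(f"{{{NC_NS}}}ok") is not None)
```
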
Creating an extended MAC ACL and adding rules
The MAC ACL name length is limited to 64 characters. A MAC ACL does not take effect until it is
applied to a Layer 2 interface. Refer to “Applying a MAC ACL to a DCB interface” and
“Applying a MAC ACL to a VLAN interface”.
To create an extended MAC ACL and add rules, perform the following steps.
1. Issue the <edit-config> RPC to configure the <mac> node in the
urn:brocade.com:mgmt:brocade-mac-access-list namespace.
2. Under the <mac> node, include the <access-list>/<extended> hierarchy of node elements to
create an extended ACL.