Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual
53-1003231-02
ACL configuration and management
3. Under the <extended> node, include the <name> leaf node, and specify the name of the ACL you want to create or modify.
4. Under the <extended> node, specify a <seq> node element for each rule you want to configure.
5. Under each <seq> node, specify the following leaf elements.
   a. In the <seq-id> element, set a sequence number for the rule.
   b. In the <action> element, specify “deny” to create a rule in the MAC ACL to drop traffic with the source or destination MAC address, “permit” to create a rule in the MAC ACL to permit traffic with the source or destination MAC address, or “hard-drop” to create a rule in the MAC ACL to force drop traffic.
   c. Additional elements that define the source or destination devices or ports for which the action is applied.
   For a complete list of <seq> node leaf elements, refer to the brocade-mac-access-list.yang file.
6. Issue the <bna-config-cmd> RPC to save the running-config file to the startup-config file.
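A pre-flight check for the payload described in steps 3 to 5, added here as an example and not taken from the Brocade guide: it parses an <edit-config> request and reports <seq> rules whose sequence number, action, or MAC values do not match what the steps describe. The function name, the acceptance of the keyword "any", and the sample payload are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

ACL_NS = "urn:brocade.com:mgmt:brocade-mac-access-list"      # namespace used by the <mac> node
MAC_RE = re.compile(r"[0-9A-Fa-f]{4}(\.[0-9A-Fa-f]{4}){2}")  # dotted-hex form: xxxx.xxxx.xxxx
ACTIONS = {"deny", "permit", "hard-drop"}                    # the values listed in step 5b

def check_mac_acl(payload):
    """Return a list of problems in the <seq> rules of an <edit-config> payload."""
    problems = []
    for acl in ET.fromstring(payload).iter(f"{{{ACL_NS}}}extended"):
        name = (acl.findtext(f"{{{ACL_NS}}}name") or "?").strip()
        seen = set()
        for seq in acl.findall(f"{{{ACL_NS}}}seq"):
            def leaf(tag):
                return (seq.findtext(f"{{{ACL_NS}}}{tag}") or "").strip()
            sid = leaf("seq-id")
            where = f"{name} seq {sid or '?'}"
            if not sid.isdigit():
                problems.append(f"{where}: <seq-id> is not a number")
            elif sid in seen:
                problems.append(f"{where}: duplicate <seq-id>")
            seen.add(sid)
            if leaf("action") not in ACTIONS:
                problems.append(f"{where}: <action> {leaf('action')!r} is not valid")
            for tag in ("source", "src-mac-addr-mask", "dst", "dst-mac-addr-mask"):
                value = leaf(tag)
                # Assumption: the keyword "any" may appear in place of an address.
                if value and value != "any" and not MAC_RE.fullmatch(value):
                    problems.append(f"{where}: <{tag}> {value!r} is not xxxx.xxxx.xxxx")
    return problems

# Constructed sample: rule 5 has a mistyped destination MAC, rule 1000 an unknown action.
SAMPLE = """<rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config><target><running/></target><config>
<mac xmlns="urn:brocade.com:mgmt:brocade-mac-access-list"><access-list><extended>
<name>test_02</name>
<seq><seq-id>5</seq-id><action>permit</action>
<source>0022.3333.4444</source><src-mac-addr-mask>ffff.ffff.ffff</src-mac-addr-mask>
<dst>0022.333.555</dst><dst-mac-addr-mask>ffff.ffff.ffff</dst-mac-addr-mask><count/></seq>
<seq><seq-id>1000</seq-id><action>allow</action>
<source>0022.1111.2222</source><src-mac-addr-mask>ffff.ffff.ffff</src-mac-addr-mask><count/></seq>
</extended></access-list></mac>
</config></edit-config></rpc>"""

if __name__ == "__main__":
    for problem in check_mac_acl(SAMPLE):
        print(problem)
```

Running the check before the request is sent catches a mistyped address or action in the payload itself, where it is easier to spot than in an ACL that silently fails to match the intended traffic.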
The following example creates an extended MAC access list named test_02 with the following rules:
• Rule 5 allows traffic from MAC address 0022.3333.4444 destined for MAC address 0022.3333.5555 and maintains a count of accepted packets.
• Rule 1000 allows traffic from MAC address 0022.1111.2222 and maintains a count of accepted packets.
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="2401" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <mac xmlns="urn:brocade.com:mgmt:brocade-mac-access-list">
        <access-list>
          <extended>
            <name>test_02</name>
            <seq>
              <seq-id>5</seq-id>
              <action>permit</action>
              <source>0022.3333.4444</source>
              <src-mac-addr-mask>ffff.ffff.ffff</src-mac-addr-mask>
              <dst>0022.3333.5555</dst>
              <dst-mac-addr-mask>ffff.ffff.ffff</dst-mac-addr-mask>
              <count/>
            </seq>
            <seq>
              <seq-id>1000</seq-id>
              <action>permit</action>
              <source>0022.1111.2222</source>
              <src-mac-addr-mask>ffff.ffff.ffff</src-mac-addr-mask>
              <count/>
            </seq>
          </extended>
        </access-list>
      </mac>
    </config>