Modifying mac acl rules – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual
Network OS NETCONF Operations Guide
53-1003231-02
ACL configuration and management
<mac-access-list>test_02</mac-access-list>
<mac-direction>in</mac-direction>
</access-group>
</mac>
</vlan>
</interface>
</interface-vlan>
</config>
</edit-config>
</rpc>
<rpc-reply message-id="2403" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
Modifying MAC ACL rules
You cannot modify the existing rules of a MAC ACL. However, you can remove the rule and then
recreate it with the desired changes.
Use a sequence number to specify the rule you wish to modify. Without a sequence number, a new
rule is added to the end of the list, and existing rules are unchanged.
Using the permit and deny keywords, you can create many different rules. The examples in this
section provide the basic knowledge needed to modify MAC ACLs.
To modify a MAC ACL, perform the following steps.
1. Issue the <edit-config> RPC to configure the <mac> node in the
urn:brocade.com:mgmt:brocade-mac-access-list namespace.
2. Under the <mac> node, include the <access-list>/<extended> or <access-list>/<standard>
hierarchy of node elements.
3. Under the <extended> or <standard> node, include the <name> element and specify the
name of the ACL you want to modify.
4. Under the <extended> or <standard> node, include the <seq> node and include the delete
operation in the element tag.
5. Under the <seq> node, include the <seq-id> leaf element, and specify the sequence ID of the
rule you want to change.
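The five steps above can also be built programmatically. This added example is not code from the Brocade guide: it constructs the delete request with an XML library, so that an ACL name taken from automation input cannot inject extra elements, and parses the result back for review before it is sent. The function names, the `nc` and `macl` prefixes, the integer check on the sequence ID, and the namespace-qualified `operation` attribute in the RFC 6241 style are assumptions of this example; the guide's own listing declares the namespace on `<seq>` differently, and the page does not say which forms a given Network OS release accepts.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"        # NETCONF base namespace
MAC = "urn:brocade.com:mgmt:brocade-mac-access-list"  # namespace named in step 1
ET.register_namespace("nc", NC)      # prefixes are this example's choice
ET.register_namespace("macl", MAC)


def build_delete_rule_rpc(acl_name, seq_id, acl_type="extended", message_id=2404):
    """Return the <edit-config> RPC (steps 1-5) that deletes one rule."""
    if acl_type not in ("extended", "standard"):
        raise ValueError("acl_type must be 'extended' or 'standard'")
    if not isinstance(acl_name, str) or not acl_name.strip():
        raise ValueError("acl_name must be a non-empty string")
    # Assumption: sequence IDs are plain non-negative decimal integers.
    if isinstance(seq_id, bool) or not str(seq_id).isdigit():
        raise ValueError("seq_id must be a non-negative integer")

    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": str(int(message_id))})
    edit = ET.SubElement(rpc, f"{{{NC}}}edit-config")
    ET.SubElement(ET.SubElement(edit, f"{{{NC}}}target"), f"{{{NC}}}running")
    node = ET.SubElement(edit, f"{{{NC}}}config")
    for tag in ("mac", "access-list", acl_type):
        node = ET.SubElement(node, f"{{{MAC}}}{tag}")
    # ElementTree escapes text, so markup inside acl_name stays inert data.
    ET.SubElement(node, f"{{{MAC}}}name").text = acl_name
    seq = ET.SubElement(node, f"{{{MAC}}}seq", {f"{{{NC}}}operation": "delete"})
    ET.SubElement(seq, f"{{{MAC}}}seq-id").text = str(int(seq_id))
    return ET.tostring(rpc, encoding="unicode")


def describe(rpc_xml):
    """Parse an RPC back and list (type, ACL, seq-id, operation) for review."""
    root = ET.fromstring(rpc_xml)
    out = []
    for kind in ("extended", "standard"):
        for acl in root.iter(f"{{{MAC}}}{kind}"):
            name = acl.findtext(f"{{{MAC}}}name")
            for seq in acl.findall(f"{{{MAC}}}seq"):
                out.append((kind, name, seq.findtext(f"{{{MAC}}}seq-id"),
                            seq.get(f"{{{NC}}}operation")))
    return out


if __name__ == "__main__":
    request = build_delete_rule_rpc("test_02", 100)  # values from the page's example
    print(request)
    print(describe(request))
```
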
Completing these steps deletes the rule. The following example deletes rule 100. It assumes that test_02
contains an existing rule number 100 with the “deny any any” options.
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="2404" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<mac xmlns="urn:brocade.com:mgmt:brocade-mac-access-list">
<access-list>
<extended>
<name>test_02</name>
<seq xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
operation="delete">
<seq-id>100</seq-id>