Inserting and deleting layer-2 acl clauses, Filtering by mac address – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide, page 82 (53-1003035-02)

Creating a numbered Layer-2 ACL table

Brocade(config)# access-list 401 sequence 23 permit 0000.1111.1121 ffff.ffff.ffff any 23 etype any

Inserting and deleting Layer-2 ACL clauses

You can make changes to the Layer-2 ACL table definitions without unbinding and rebinding the
table from an interface. For example, you can add a new clause to the ACL table, delete a clause
from the table, delete the ACL table, etc.

Increasing the maximum number of clauses per Layer-2 ACL table

You can increase the maximum number of clauses configurable within a Layer-2 (L2) ACL table.

To increase the maximum number of clauses per L2 ACL table, enter a command such as the
following at the Global CONFIG level of the CLI. The system supports 64 to 256 ACL table entries
per L2 ACL and a system reload is required after changing this value.

Brocade(config)# system-max l2-acl-table-entries 200

Syntax: [no] system-max l2-acl-table-entries max

NOTE

The l2-acl-table-entries value controls the maximum number of filters supported on one Layer-2 ACL. A
named Layer-2 ACL is also subject to this system-max value.

The max parameter specifies the maximum number of clauses per Layer-2 ACL. The minimum,
maximum and default values for this parameter are described in Table 13.

Binding a numbered Layer-2 ACL table to an interface

To enable Layer-2 ACL filtering, bind the Layer-2 ACL table to an interface. Enter a command such
as the following at the Interface level of the CLI to bind an inbound Layer-2 ACL.

Brocade(config)# int e 4/12

Brocade(config-int-e100-4/12)# mac access-group 400 in

Enter a command such as the following at the Interface level of the CLI to bind an outbound Layer-2
ACL.

Brocade(config)# int e 4/12

Brocade(config-int-e100-4/12)# mac access-group 400 out

Syntax: [no] mac access-group num in | out

Filtering by MAC address

In the following example, an ACL is created that denies all traffic from the host with the MAC
address 0000.0056.7890 being sent to the host with the MAC address 0000.0033.4455.

Brocade(config)# access-list 401 deny 0012.3456.7890 ffff.ffff.ffff 0000.0033.4455 ffff.ffff.ffff

Brocade(config)# access-list 401 permit any any
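The following is an added example, not code from the Brocade guide: an offline Python model of how the Layer-2 ACL clauses shown in this section and in "Inserting and deleting Layer-2 ACL clauses" are matched, so the effect of a mask and of a clause inserted with a lower sequence number can be checked before the table is bound to an interface. It assumes (the page does not state these) that the mask is a match mask whose 1 bits must be equal, that a clause entered without "sequence" is numbered with the next multiple of 10, and that a frame matching no clause is denied.

```python
# Added example, not from the Brocade guide: offline model of Layer-2 ACL clause
# matching. Assumptions not stated on the page: the mask is a match mask (1 bits
# must be equal), a clause without "sequence" gets the next multiple of 10, and a
# frame that matches no clause is denied. Trailing VLAN/etype fields are ignored.
from collections import namedtuple

Clause = namedtuple("Clause", "seq action src src_mask dst dst_mask")


def mac_to_int(mac: str) -> int:
    return int(mac.replace(".", ""), 16)  # dotted-hex notation such as 0000.0033.4455


def parse_clause(line: str, auto_seq: int) -> Clause:
    """Parse 'access-list N [sequence S] permit|deny SRC [MASK] DST [MASK] ...'."""
    tok = line.split()[2:]  # drop "access-list" and the table number
    seq = auto_seq
    if tok[0] == "sequence":
        seq, tok = int(tok[1]), tok[2:]
    action, tok = tok[0], tok[1:]

    def address(tok):
        if tok[0] == "any":  # any: address 0 with an all-zero mask, matches everything
            return 0, 0, tok[1:]
        return mac_to_int(tok[0]), mac_to_int(tok[1]), tok[2:]

    src, src_mask, tok = address(tok)
    dst, dst_mask, tok = address(tok)
    return Clause(seq, action, src, src_mask, dst, dst_mask)


def build_acl(lines):
    """Parse the clauses of one table and order them by sequence number."""
    clauses = [parse_clause(l, 10 * (i + 1)) for i, l in enumerate(lines)]
    return sorted(clauses, key=lambda c: c.seq)


def evaluate(acl, src_mac: str, dst_mac: str):
    """Return (action, matching sequence) for a frame; the first match wins."""
    s, d = mac_to_int(src_mac), mac_to_int(dst_mac)
    for c in acl:
        if (s & c.src_mask) == (c.src & c.src_mask) and (d & c.dst_mask) == (c.dst & c.dst_mask):
            return c.action, c.seq
    return "deny", None  # implicit deny at the end of the table (assumption)


CLAUSES_401 = [  # constructed sample: ACL 401 as configured on this page
    "access-list 401 deny 0012.3456.7890 ffff.ffff.ffff 0000.0033.4455 ffff.ffff.ffff",
    "access-list 401 permit any any",
]
ACL_401 = build_acl(CLAUSES_401)
# Same table after "permit any any" is inserted at sequence 5, ahead of the deny clause.
ACL_401_SHADOWED = build_acl(CLAUSES_401 + ["access-list 401 sequence 5 permit any any"])
```

Evaluating the denied host pair against ACL_401 returns the deny at sequence 10, while against ACL_401_SHADOWED the inserted permit at sequence 5 matches first and the deny never takes effect.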
