ACL editing and sequence numbers, Upgrade and downgrade considerations – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

53-1003035-02

ACL IDs and entries

ncopy tftp ip-addr from-name running-config

In this case, the ACLs are added to the existing configuration.

ACL editing and sequence numbers

Multi-Service IronWare R05.6.00 supports ACL editing and ACL entry sequence numbers for
Layer-2, IPv4 and IPv6 ACLs. This chapter describes the ACL editing feature applied to numbered
and named IPv4 ACLs. Refer to Appendix A, “ACL Editing and Sequence Numbers” for a functional
description of the ACL editor as it applies to Layer-2, IPv4 and IPv6 ACLs.

Upgrade and downgrade considerations

Multi-Service IronWare R05.6.00 supports ACL entry sequence numbers for Layer-2, IPv4 and IPv6
ACLs. Where ACL filters have been configured on R05.6.00 and you want to downgrade a device to
an earlier version of software, you should enable suppress-acl-seq prior to the downgrade.

NOTE

If suppress-acl-seq is not enabled before downgrade from Multi-Service IronWare R05.6.00, ACL
configurations created with the sequence parameter on R05.6.00 will not be allowed on older
releases and will result in an error.

By default, the suppress-acl-seq switch is OFF. When it is turned ON, the system hides or
suppresses sequence numbers for ACL filters while:

Executing show access-list commands

Displaying the running-config

Saving the running-config using write memory

Copying the running-config to a tftp server

The following example shows the output from the show access-list command when
suppress-acl-seq is OFF.

Brocade(config)# show access-list 1

Standard IP access list 1

40: sequence 40 deny host 1.1.1.1 log

50: deny any log

To turn suppress-acl-seq ON, enter the following commands.

Brocade(config)# acl-policy

Brocade(config-acl-policy)# suppress-acl-seq

Brocade(config-acl-policy)# exit

The following example shows the output of the show access-list command when suppress-acl-seq
is ON.

Brocade(config)# show access-list 1

Standard IP access list 1

40: deny host 1.1.1.1 log

50: deny any log

The following example shows the output of the show running-config command when
suppress-acl-seq is ON.

Brocade(config)# show running-config

access-list 1 deny host 1.1.1.1 log

access-list 1 deny any log
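
The downgrade note above can be turned into a pre-downgrade check on a saved copy of the running-config. The following is an added example, not part of the Brocade guide: it assumes that an entry saved with its sequence number appears as "access-list <id> sequence <n> ..." (or as an indented "sequence <n> ..." line under a named ACL) and that the switch is saved as an indented suppress-acl-seq line under acl-policy; the function names and sample configs are constructed for illustration.

```python
import re

# Assumed saved-config syntax (not shown on the page): an ACL entry that keeps
# its sequence number carries "sequence <n>" before the permit/deny action.
SEQ_ENTRY = re.compile(
    r"^\s*(?:access-list\s+\S+\s+)?sequence\s+(\d+)\s+(?:permit|deny)\b")

def audit_for_downgrade(config_text):
    """Return (suppress_enabled, entries) for a saved running-config.

    entries lists (line_number, text) for every ACL line that still carries a
    sequence number, i.e. lines a pre-R05.6.00 release would reject.
    """
    suppress_enabled, in_acl_policy, entries = False, False, []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():          # top-level line starts a new stanza
            in_acl_policy = line == "acl-policy"
        elif in_acl_policy and line.strip() == "suppress-acl-seq":
            suppress_enabled = True
        if SEQ_ENTRY.match(line):
            entries.append((lineno, line.strip()))
    return suppress_enabled, entries

def downgrade_verdict(config_text):
    """Summarise whether this saved config is safe to load on an older release."""
    suppress_enabled, entries = audit_for_downgrade(config_text)
    if not entries:
        return "OK: no sequence-numbered ACL entries in this file"
    if suppress_enabled:
        return "BLOCK: suppress-acl-seq is set but the file is stale; save again"
    return "BLOCK: enable suppress-acl-seq, then write memory before downgrading"

# Constructed sample configs, modelled on the access-list 1 example above.
SAVED_WITH_SEQ = """\
access-list 1 sequence 40 deny host 1.1.1.1 log
access-list 1 deny any log
"""
SAVED_SUPPRESSED = """\
acl-policy
 suppress-acl-seq
!
access-list 1 deny host 1.1.1.1 log
access-list 1 deny any log
"""

if __name__ == "__main__":
    for name, cfg in (("with-seq", SAVED_WITH_SEQ), ("suppressed", SAVED_SUPPRESSED)):
        print(name, "->", downgrade_verdict(cfg))
```

Run it against the file that will actually be loaded after the downgrade, so that an ACL entry rejected by the older release is caught before the device boots without that filter.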
