Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Configuring AAA authentication-method lists for login ... 68

Configuring authentication-method lists ... 69

Configuration considerations for authentication-method lists ... 70
Examples of authentication-method lists ... 70

Chapter 2

Layer 2 Access Control Lists

Configuration rules and notes ... 74

General considerations ... 74
Configuration considerations for dual inbound ACLS on Brocade NetIron CES and Brocade NetIron CER devices ... 75
Configuration considerations for VPLS, VLL, and VLL-Local endpoints ... 75
Types of Layer-2 ACLs ... 75
ACL editing and sequence numbers ... 76

Creating a numbered Layer-2 ACL table ... 77

Filtering and priority manipulation based on 802.1p priority ... 80
Inserting and deleting Layer-2 ACL clauses ... 82
Increasing the maximum number of clauses per Layer-2 ACL table ... 82
Binding a numbered Layer-2 ACL table to an interface ... 82
Filtering by MAC address ... 82
Filtering broadcast traffic ... 83
Using the priority option ... 83
Using the priority force option ... 83
Using the priority mapping option ... 83
Using the drop-precedence keyword option ... 83
Using the drop-precedence-force keyword option ... 84
Using the mirror keyword option ... 84
Using the mark flow ID keyword option ... 84

Creating a named Layer-2 ACL table ... 86

Binding a named Layer-2 ACL table to an interface ... 86

ACL accounting ... 87

Enabling and disabling ACL accounting on Brocade NetIron XMR and Brocade MLX series devices ... 87
ACL accounting on Brocade NetIron CES and Brocade NetIron CER devices ... 87

Displaying Layer-2 ACLs ... 88

Displaying Layer-2 ACL statistics on Brocade NetIron XMR and Brocade MLX series devices ... 89
Configuring ACL Deny Logging for Layer-2 inbound ACLs ... 90
Displaying Layer-2 ACL statistics on Brocade NetIron CES and Brocade NetIron CER devices ... 91
