Standard acl syntax – Brocade BigIron RX Series Configuration Guide User Manual


BigIron RX Series Configuration Guide

53-1002484-04

Configuring numbered and named ACLs

BigIron RX(config)# access-list 1 deny host 209.157.22.26 log

BigIron RX(config)# access-list 1 deny 209.157.29.12 log

BigIron RX(config)# access-list 1 deny host IPHost1 log

BigIron RX(config)# access-list 1 permit any

BigIron RX(config)# interface ethernet 1/1

BigIron RX(config-if-e10000-1/1)# ip access-group 1 in

BigIron RX(config)# write memory

The commands in this example configure an ACL that denies packets from three source IP addresses,
so they are not forwarded on port 1/1. The last entry in this ACL permits all packets that are not
explicitly denied by the first three ACL entries.

Standard ACL syntax

Syntax: [no] access-list <num> deny | permit <source-ip> | <hostname> <wildcard> [log]

or

Syntax: [no] access-list <num> deny | permit <source-ip>/<mask-bits> | <hostname> [log]

Syntax: [no] access-list <num> deny | permit host <source-ip> | <hostname> [log]

Syntax: [no] access-list <num> deny | permit any [log]

Syntax: [no] ip access-group <num> in

The 16 x 10 GE module only supports the following standard ACLs.

Syntax: [no] ip access-list <num> deny | permit <ip-protocol>
<source-ip> | <hostname> <wildcard>
[<operator> <source-tcp/udp-port>]
<destination-ip> | <hostname> <wildcard>
[<operator> <destination-tcp/udp-port>]
[match-all <tcp-flags>] [match-any <tcp-flags>]
[<icmp-type>] [established] [precedence <name> | <num>]

Parameters to configure standard ACL statements

<num>
Enter 1 – 99 for a standard ACL.

deny | permit
Enter deny if the packets that match the policy are to be dropped; permit if they are
to be forwarded.

<source-ip> | <hostname>
Specify the source IP address for the policy. Alternatively, you can specify the host
name. If you want the policy to match on all source addresses, enter any.

<destination-ip> | <hostname>
Specify the destination IP address for the policy. Alternatively, you can specify the
host name. If you want the policy to match on all destination addresses, enter any.

NOTE: To specify the host name instead of the IP address, the host name must be configured using the
ip dns server-address… command at the global CONFIG level of the CLI.
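
The following Python sketch is an added example, not part of the Brocade manual: it parses the standard ACL source forms listed above (host, wildcard, /mask-bits, any) and evaluates source addresses against the sample ACL 1 with first-match ordering, which makes it easy to check what an entry order actually permits before applying it. The function names and the HOSTS table are hypothetical; it assumes a bare address matches a single host (as the example's description implies) and that a packet matching no entry is denied.

```python
import ipaddress

# Constructed stand-in for DNS resolution (documentation address, not from the manual).
HOSTS = {"IPHost1": "192.0.2.10"}

def to_int(token, hosts=HOSTS):
    """Resolve a dotted-quad address or a configured host name to an integer."""
    return int(ipaddress.IPv4Address(hosts.get(token, token)))

def parse_entry(line, hosts=HOSTS):
    """Parse one standard ACL entry into (acl_num, action, addr, wildcard, log)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError("not an access-list entry: " + line)
    num, action, rest = int(tok[1]), tok[2], tok[3:]
    if not 1 <= num <= 99 or action not in ("deny", "permit"):
        raise ValueError("not a standard ACL entry: " + line)
    log = rest[-1:] == ["log"]
    rest = rest[:-1] if log else rest
    if rest == ["any"]:                             # any: match every source
        addr, wild = 0, 0xFFFFFFFF
    elif len(rest) == 2 and rest[0] == "host":      # host <source-ip> | <hostname>
        addr, wild = to_int(rest[1], hosts), 0
    elif len(rest) == 2:                            # <source-ip> <wildcard>
        addr, wild = to_int(rest[0], hosts), to_int(rest[1], {})
    elif len(rest) == 1 and "/" in rest[0]:         # <source-ip>/<mask-bits>
        net = ipaddress.IPv4Network(rest[0], strict=False)
        addr, wild = int(net.network_address), int(net.hostmask)
    elif len(rest) == 1:                            # bare address: assumed single host
        addr, wild = to_int(rest[0], hosts), 0
    else:
        raise ValueError("unsupported form: " + line)
    return num, action, addr, wild, log

def evaluate(entries, source_ip):
    """Return (action, log, 1-based index of the matching entry) for the first match."""
    src = int(ipaddress.IPv4Address(source_ip))
    for i, (_, action, addr, wild, log) in enumerate(entries, 1):
        # Wildcard bits set to 1 are ignored; all other bits must be equal.
        if ((src ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action, log, i
    return "deny", False, None      # assumed implicit deny when nothing matches

SAMPLE_ACL = [parse_entry(l) for l in (
    "access-list 1 deny host 209.157.22.26 log",
    "access-list 1 deny 209.157.29.12 log",
    "access-list 1 deny host IPHost1 log",
    "access-list 1 permit any",
)]
```

Calling evaluate(SAMPLE_ACL[:3], "10.1.1.1") shows why the final permit any entry matters: without it, traffic from every other source falls through to the assumed implicit deny.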
