Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003098-01


disable [deny|permit] [<NETWORK-SERVICE-ALIAS-NAME>|icmp|ip|proto <PROTOCOL-OPTIONS>|tcp|udp]
    [<SOURCE-IP/MASK>|<NETWORK-GROUP-ALIAS-NAME>|any|from-vlan <VLAN-ID>|host <SOURCE-HOST-IP>]
    [<DEST-IP/MASK>|<NETWORK-GROUP-ALIAS-NAME>|any|host <DEST-HOST-IP>]
    (log,mark [8021p <0-7>|dscp <0-63>],rule-precedence)

Example

The following example shows the ‘auto-tunnel-acl’ settings before the disable command is executed:

rfs7000-37FABE(config-ip-acl-auto-tunnel-acl)#show context
ip access-list auto-tunnel-acl
permit ip host 200.200.200.99 30.30.30.1/24 rule-precedence 2
permit ip host 200.200.200.99 any rule-precedence 3
rfs7000-37FABE(config-ip-acl-auto-tunnel-acl)#

disable [deny|permit]
    Disables a deny or permit access rule without removing it from the ACL.
    Provide the exact values used to configure the deny or permit rule.

<NETWORK-SERVICE-ALIAS-NAME>
    Specifies the network-service alias, identified by the <NETWORK-SERVICE-ALIAS-NAME> keyword, associated with the deny/permit rule

icmp
    Disables a rule applicable to ICMP packets only

ip
    Disables a rule applicable to IP packets only

proto <PROTOCOL-OPTIONS>
    Disables a rule applicable to any Internet protocol other than TCP, UDP, or ICMP packets
    <PROTOCOL-OPTIONS> – Identify the Internet protocol using the options available.

tcp
    Disables a rule applicable to TCP packets only

udp
    Disables a rule applicable to UDP packets only
    After specifying the packet type, specify the source and destination devices and network address(es) to match.

<SOURCE-IP/MASK>
    Specify the source IP address and mask in the A.B.C.D/M format.

<NETWORK-GROUP-ALIAS-NAME>
    Specifies the network-group alias, identified by the <NETWORK-GROUP-ALIAS-NAME> keyword, associated with this deny/permit rule

any
    Select ‘any’ if the rule is applicable to any source IP address.

from-vlan <VLAN-ID>
    Specify the VLAN IDs.

host <SOURCE-HOST-IP>
    Specify the source host’s exact IP address.

<DEST-IP/MASK>
    Specify the destination IP address and mask in the A.B.C.D/M format.

<NETWORK-GROUP-ALIAS-NAME>
    Specifies the network-group alias, identified by the <NETWORK-GROUP-ALIAS-NAME> keyword, associated with this deny/permit rule

any
    Select ‘any’ if the rule is applicable to any destination IP address.

host <DEST-HOST-IP>
    Specify the destination host’s exact IP address.

log
    Select log if the rule has been configured to log records in case of a match.

mark [8021p <0-7>|dscp <0-63>]
    Specifies packets to mark
    8021p <0-7> – Marks packets by modifying 802.1p VLAN user priority
    dscp <0-63> – Marks packets by modifying DSCP TOS bits in the header

rule-precedence <1-5000>
    Specify the rule precedence. The deny or permit rule with the specified precedence is disabled.
    To enable a disabled rule, enter the rule again without the ‘disable’ keyword.
    The no > disable command removes a disabled rule from the ACL.
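
Because the disable command must repeat the exact values used to configure the rule, one way to avoid a mismatch is to build it from the show context output. The following Python code is an added example, not part of the Brocade guide: the function names are hypothetical, it covers only the syntax listed on this page, and it assumes any unrecognized source or destination token is a network-group alias.

```python
import ipaddress

# The 'show context' output from the example on this page.
SHOW_CONTEXT = """\
ip access-list auto-tunnel-acl
permit ip host 200.200.200.99 30.30.30.1/24 rule-precedence 2
permit ip host 200.200.200.99 any rule-precedence 3
"""
MARK_MAX = {"8021p": 7, "dscp": 63}  # value ranges from the parameter table

def _endpoint(tok, allow_vlan):
    # Consume one source or destination specification from the token list.
    head = tok.pop(0)
    if head == "any":
        return ("any",)
    if head == "host":
        return ("host", str(ipaddress.ip_address(tok.pop(0))))
    if head == "from-vlan" and allow_vlan:  # from-vlan is a source-only option
        return ("from-vlan", int(tok.pop(0)))
    if "/" in head:
        return ("net", str(ipaddress.ip_interface(head)))
    return ("alias", head)  # assumption: any other token is an alias name

def parse_rule(line):
    # Parse one deny/permit rule written in the syntax documented above.
    tok = line.split()
    rule = {"action": tok.pop(0), "log": False, "mark": None, "precedence": None}
    if rule["action"] not in ("deny", "permit"):
        raise ValueError("rule must start with deny or permit")
    proto = tok.pop(0)
    rule["proto"] = ("proto", tok.pop(0)) if proto == "proto" else (proto,)
    rule["src"] = _endpoint(tok, allow_vlan=True)
    rule["dst"] = _endpoint(tok, allow_vlan=False)
    while tok:
        opt = tok.pop(0)
        if opt == "log":
            rule["log"] = True
        elif (opt == "mark" and len(tok) > 1 and tok[0] in MARK_MAX
              and 0 <= int(tok[1]) <= MARK_MAX[tok[0]]):
            rule["mark"] = (tok.pop(0), int(tok.pop(0)))
        elif opt == "rule-precedence" and tok and 1 <= int(tok[0]) <= 5000:
            rule["precedence"] = int(tok.pop(0))
        else:
            raise ValueError(f"unknown or out-of-range option near {opt!r}")
    return rule

def disable_command(show_context, precedence):
    # Build the disable command from the rule text exactly as the ACL holds it.
    for line in map(str.strip, show_context.splitlines()):
        if line.startswith(("deny ", "permit ")) and parse_rule(line)["precedence"] == precedence:
            return "disable " + line
    raise LookupError(f"no enabled rule with precedence {precedence}")
```

Calling disable_command(SHOW_CONTEXT, 3) returns the command for the second rule in the example; a precedence that is not present raises LookupError, so a mistyped value does not produce a command for the wrong rule.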
