Brocade Communications Systems Brocade ICX 6650 6650 User Manual


Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Extended named ACL configuration

If you enable the software to display IP subnet masks in CIDR format, the mask is saved in the file
in “/mask-bits” format. To enable the software to display the CIDR masks, enter the ip
show-subnet-length command at the global CONFIG level of the CLI. You can use the CIDR format to
configure the ACL entry regardless of whether the software is configured to display the masks in
CIDR format.

NOTE

If you use the CIDR format, the ACL entries appear in this format in the running-config and
startup-config files, but are shown with subnet mask in the display produced by the show ip
access-list command.

The destination-ip | hostname parameter specifies the destination IP host for the policy. If you want
the policy to match on all destination addresses, enter any.

The icmp-type | icmp-num parameter specifies the ICMP protocol type:

This parameter applies only if you specified icmp as the ip-protocol value.

If you use this parameter, the ACL entry is sent to the CPU for processing.

If you do not specify a message type, the ACL applies to all types of ICMP messages.

The icmp-num parameter can be a value from 0 – 255.

The icmp-type parameter can have one of the following values, depending on the software version
the device is running:

any-icmp-type

echo

echo-reply

information-request

log

mask-reply

mask-request

parameter-problem

redirect

source-quench

time-exceeded

timestamp-reply

timestamp-request

traffic policy

unreachable

num

NOTE

The QoS options listed below are only available if a specific ICMP type is specified for the icmp-type
parameter and cannot be used with the any-icmp-type option above. See “QoS options for IP ACLs”
on page 1734 for more information on using ACLs to perform QoS.
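
The icmp-type | icmp-num rules described above, as an added example that is not part of the Brocade guide: a small Python check that reports, for each ACL entry, whether the ICMP match is sent to the CPU, covers all ICMP message types, uses an icmp-num outside 0 – 255, or is attached to an ip-protocol other than icmp. The simplified entry layout, the function names and the sample addresses are assumptions made for illustration.

```python
# Added example: lint ACL entries against the ICMP parameter rules on this page.
# ASSUMPTION (simplified layout): <permit|deny> <ip-protocol> <source> <destination>
# [icmp-type | icmp-num], each address being 'any', 'host <ip>' or '<ip>/<mask-bits>'.
# Type keywords from the page's list; leaving out its 'log', 'traffic policy' and
# 'num' entries as non-types is an assumption.
ICMP_TYPES = {
    "any-icmp-type", "echo", "echo-reply", "information-request",
    "mask-reply", "mask-request", "parameter-problem", "redirect",
    "source-quench", "time-exceeded", "timestamp-reply",
    "timestamp-request", "unreachable",
}

def _skip_addr(tokens):
    """Drop one address spec from the front of the token list."""
    n = 2 if tokens[:1] == ["host"] else 1
    if len(tokens) < n:
        raise ValueError("missing address")
    return tokens[n:]

def audit_entry(line):
    """Return findings for one ACL entry; an empty list means nothing to flag."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        return ["not an ACL entry"]
    try:
        rest = _skip_addr(_skip_addr(tokens[2:]))
    except ValueError as exc:
        return [str(exc)]
    typ = rest[0] if rest else None
    is_type = typ is not None and (typ in ICMP_TYPES or typ.isdigit())
    if tokens[1] != "icmp":  # the parameter applies only to ip-protocol icmp
        return ["icmp type given but ip-protocol is not icmp"] if is_type else []
    if typ is None:  # no message type: the entry matches every ICMP type
        return ["applies to all ICMP message types"]
    if typ.isdigit() and not 0 <= int(typ) <= 255:
        return ["icmp-num outside 0-255"]
    if not is_type:
        return ["unknown icmp-type keyword"]
    return ["sent to CPU for processing"]  # any use of the parameter

# Constructed sample entries (addresses are made up).
SAMPLE = [
    "permit icmp any any", "deny icmp 10.1.1.0/24 any echo",
    "deny icmp any host 10.1.1.5 8", "deny icmp any any 300",
    "permit tcp any any echo", "deny icmp any any ping",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(f"{entry}: {audit_entry(entry)}")
```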
