
Brocade ICX 6650 Security Configuration Guide

53-1002601-01


The following shows the comment text for a numbered ACL, ACL 100, in a show running-config display.

Syntax: show running-config

The following example shows the comment text for an ACL in a show access-list display. The output is identical in a show ip access-list display.

Syntax: show access-list ACL-num | ACL-name | all

or

Syntax: show ip access-list ACL-num | ACL-name | all

Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN

By default, when you apply an ACL to a virtual interface in a protocol-based or subnet-based VLAN, the ACL takes effect on all protocol or subnet VLANs to which the untagged port belongs. To prevent the Brocade device from denying packets on other virtual interfaces that do not have an ACL applied, configure an ACL that permits packets in the IP subnet of the virtual interface in all protocol-based or subnet-based VLANs to which the untagged port belongs. The following is an example configuration.

Brocade# configure terminal
Brocade(config)# vlan 1 name DEFAULT-VLAN by port
Brocade(config-vlan-1)# ip-subnet 192.168.10.0 255.255.255.0
Brocade(config-vlan-ip-subnet)# static ethe 1
Brocade(config-vlan-ip-subnet)# router-interface ve 10
Brocade(config-vlan-ip-subnet)# ip-subnet 10.15.1.0 255.255.255.0
Brocade(config-vlan-ip-subnet)# static ethe 1/1/1
Brocade(config-vlan-ip-subnet)# router-interface ve 20
Brocade(config-vlan-ip-subnet)# logging console
Brocade(config-vlan-ip-subnet)# exit

Brocade# show running-config

access-list 100 remark The following line permits TCP packets
access-list 100 permit tcp 192.168.4.40/24 10.2.2.2/24
access-list 100 remark The following line permits UDP packets
access-list 100 permit udp 192.168.2.52/24 10.2.2.2/24
access-list 100 deny ip any any

Brocade# show access-list
IP access list rate-limit 100 0000.00bb.cccc
Extended IP access list TCP/UDP (Total flows: N/A, Total packets: N/A)
ACL Remark: The following line permits TCP packets
permit tcp 10.0.0.40 255.255.255.0 10.0.0.2 255.255.255.0 (Flows: N/A, Packets: N/A)
ACL Remark: The following line permits UDP packets
permit udp 10.0.0.52 255.255.255.0 10.0.0.2 255.255.255.0 (Flows: N/A, Packets: N/A)
deny ip any any (Flows: N/A, Packets: N/A)
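The guidance above (an ACL applied to one virtual interface is evaluated for every subnet VLAN that shares the untagged port, so each of those subnets needs a permit entry) is easy to get wrong when the ACL was written with only one subnet in mind. The following Python script is an added example, not Brocade tooling or output from the guide: it parses the ip-subnet / static / router-interface lines of a VLAN configuration and an access-list, then reports, per virtual interface sharing the port, whether IP traffic from that interface's subnet is still permitted. The VLAN configuration is constructed from the page's example (both subnets placed on port 1/1/1 so that the port-sharing check is meaningful), the first ACL is the ACL 100 shown on the page, and the two added "permit ip <subnet> any" entries in the second ACL are a hypothetical correction. The parser only understands the address forms that appear on this page (A/len and any), not the host or address/mask forms.

```python
"""Check that an ACL applied to a ve in a subnet-based VLAN still permits the
subnet of every other ve reachable through the same untagged port.
Constructed example; not Brocade code."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class SubnetVlan:
    subnet: ipaddress.IPv4Network
    ve: Optional[str] = None                      # "ve 10", set by router-interface
    ports: List[str] = field(default_factory=list)  # ports added with "static ethe"


@dataclass
class AclEntry:
    action: str                            # "permit" or "deny"
    proto: str                             # "ip", "tcp", "udp", ...
    src: Optional[ipaddress.IPv4Network]   # None means "any"
    dst: Optional[ipaddress.IPv4Network]


def _net(token: str) -> Optional[ipaddress.IPv4Network]:
    """'any' -> None; 'A/len' -> the containing network (Brocade's host/len
    notation such as 192.168.4.40/24 is widened to 192.168.4.0/24)."""
    return None if token == "any" else ipaddress.ip_network(token, strict=False)


def parse_vlan_config(lines):
    """Collect ip-subnet records from CLI transcript lines; the prompt before
    '#' is ignored, so pasted 'Brocade(config-...)#' lines work as-is."""
    entries: List[SubnetVlan] = []
    for line in lines:
        cmd = line.split("#", 1)[-1].strip()
        m = re.match(r"ip-subnet (\S+) (\S+)$", cmd)
        if m:
            entries.append(SubnetVlan(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)))
            continue
        if not entries:
            continue
        m = re.match(r"static (?:ethe|ethernet) (\S+)$", cmd)
        if m:
            entries[-1].ports.append(m[1])
            continue
        m = re.match(r"router-interface (ve \d+)$", cmd)
        if m:
            entries[-1].ve = m[1]
    return entries


def parse_acl(lines, acl_id="100"):
    """Keep permit/deny entries of the numbered ACL; remark lines are skipped."""
    rules: List[AclEntry] = []
    for line in lines:
        m = re.match(rf"access-list {acl_id} (permit|deny) (\S+) (\S+) (\S+)$", line.strip())
        if m:
            rules.append(AclEntry(m[1], m[2], _net(m[3]), _net(m[4])))
    return rules


def subnet_permitted(rules, subnet: ipaddress.IPv4Network) -> bool:
    """True when all IP traffic sourced from `subnet` is permitted: the first
    protocol-'ip' entry whose source covers the subnet (or is 'any') decides.
    Single-protocol entries (tcp/udp) cover only part of the traffic and are
    skipped; with no matching entry the ACL's implicit deny applies."""
    for r in rules:
        if r.proto != "ip":
            continue
        if r.src is None or subnet.subnet_of(r.src):
            return r.action == "permit"
    return False


def audit(vlan_lines, acl_lines, port: str):
    """Map each ve whose subnet VLAN contains `port` to whether its subnet is
    still permitted once the ACL is applied to any ve on that port."""
    rules = parse_acl(acl_lines)
    return {v.ve: subnet_permitted(rules, v.subnet)
            for v in parse_vlan_config(vlan_lines)
            if v.ve is not None and port in v.ports}


# Constructed after the page's example; both subnets share untagged port 1/1/1.
VLAN_CONFIG = """\
Brocade(config)# vlan 1 name DEFAULT-VLAN by port
Brocade(config-vlan-1)# ip-subnet 192.168.10.0 255.255.255.0
Brocade(config-vlan-ip-subnet)# static ethe 1/1/1
Brocade(config-vlan-ip-subnet)# router-interface ve 10
Brocade(config-vlan-ip-subnet)# ip-subnet 10.15.1.0 255.255.255.0
Brocade(config-vlan-ip-subnet)# static ethe 1/1/1
Brocade(config-vlan-ip-subnet)# router-interface ve 20
""".splitlines()

# ACL 100 as shown on the page: neither ve subnet is permitted.
ACL_FROM_PAGE = """\
access-list 100 remark The following line permits TCP packets
access-list 100 permit tcp 192.168.4.40/24 10.2.2.2/24
access-list 100 remark The following line permits UDP packets
access-list 100 permit udp 192.168.2.52/24 10.2.2.2/24
access-list 100 deny ip any any
""".splitlines()

# Hypothetical correction: permit each ve subnet before the final deny.
ACL_FIXED = ["access-list 100 permit ip 192.168.10.0/24 any",
             "access-list 100 permit ip 10.15.1.0/24 any"] + ACL_FROM_PAGE

if __name__ == "__main__":
    for name, acl in (("page ACL", ACL_FROM_PAGE), ("fixed ACL", ACL_FIXED)):
        print(name, audit(VLAN_CONFIG, acl, "1/1/1"))
```

Run against the page's ACL the audit reports both ve 10 and ve 20 as not permitted, because the only permit entries are for 192.168.4.0/24 and 192.168.2.0/24 and the trailing deny ip any any catches the rest; with the two permit ip entries added, both interfaces are reported as permitted.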
