Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Configuring standard numbered ACLs. . . . . . . . . . . . . . . . . . . . . . . .86

Standard numbered ACL syntax . . . . . . . . . . . . . . . . . . . . . . . . .86
Configuration example for standard numbered ACLs . . . . . . . . 87

Standard named ACL configuration. . . . . . . . . . . . . . . . . . . . . . . . . . 87

Standard named ACL syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Configuration example for standard named ACLs . . . . . . . . . . .90

Extended numbered ACL configuration . . . . . . . . . . . . . . . . . . . . . . .90

Extended numbered ACL syntax . . . . . . . . . . . . . . . . . . . . . . . . . 91
Configuration examples for extended numbered ACLs . . . . . . .95

Extended named ACL configuration. . . . . . . . . . . . . . . . . . . . . . . . . .96

Extended named ACL syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Applying egress ACLs to Control (CPU) traffic . . . . . . . . . . . . . . . . .101

Preserving user input for ACL TCP/UDP port numbers. . . . . . . . . .101

ACL comment text management . . . . . . . . . . . . . . . . . . . . . . . . . . .102

Adding a comment to an entry in a numbered ACL. . . . . . . . .102
Adding a comment to an entry in a named ACL. . . . . . . . . . . .103
Deleting a comment from an ACL entry . . . . . . . . . . . . . . . . . .103
Viewing comments in an ACL . . . . . . . . . . . . . . . . . . . . . . . . . .103

Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN . . . . . . . . . .104

ACL logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Configuration notes for ACL logging . . . . . . . . . . . . . . . . . . . . .105
Configuration tasks for ACL logging . . . . . . . . . . . . . . . . . . . . .106
Example ACL logging configuration. . . . . . . . . . . . . . . . . . . . . .106
Displaying ACL Log Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . .107

Enabling strict control of ACL filtering of fragmented packets. . . .108

Enabling ACL support for switched traffic in the router image . . .109

Enabling ACL filtering based on VLAN membership or VE port membership . . . . . . . . . .109

Configuration notes for ACL filtering. . . . . . . . . . . . . . . . . . . . .109
Applying an IPv4 ACL to specific VLAN members on a port (Layer 2 devices only) . . . . . . . . . .110
Applying an IPv4 ACL to a subset of ports on a virtual interface (Layer 3 devices only) . . . . . . . . . .110

ACLs to filter ARP packets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

Configuration considerations for filtering ARP packets. . . . . .112
Configuring ACLs for ARP filtering . . . . . . . . . . . . . . . . . . . . . . .112
Displaying ACL filters for ARP . . . . . . . . . . . . . . . . . . . . . . . . . .113
Clearing the filter count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113

Filtering on IP precedence and ToS values . . . . . . . . . . . . . . . . . . .113

TCP flags - edge port security . . . . . . . . . . . . . . . . . . . . . . . . . .114

QoS options for IP ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114

Configuration notes for QoS options on Brocade ICX 6650 . .115
Using an IP ACL to mark DSCP values (DSCP marking). . . . . .115
DSCP matching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117

ACL-based rate limiting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117
