Manualshelf

Technical data

ManualsBrandsApplication Systems ManualsComputer equipmentADX-64
61626364656667686970
58 ServerIron ADX NAT64 Configuration Guide
53-1002288-02
Modifying ACLs
4
DRAFT: BROCADE CONFIDENTIAL
Syntax: show ip access-list <acl-number> | begin | exclude | include <keyword>
Enter the ACL’s number for the <acl-number> parameter.
Use the | operator to indicate a keyword.
Enter the begin <keyword> parameter to start the display beginning with the first line containing
text that matches the keyword. For example, if you enter begin Total, the displayed information
begins with the line containing the word “Total”.
Enter the exclude <keyword> parameter to exclude any lines containing text that match the
keyword. For example, if you enter exclude Total, any line containing the word “Total” is excluded
from the display.
Enter the include <keyword> display only those lines containing text that match the keyword. For
example, if you enter include Total, any line containing the word “Total” is included in the display.
If ACL entries, for both numbered and named ACLs, have remarks, the display
will also include the remarks if they contain characters that match the
specified keywords. For example, ACL 99 might contain the following entries:
ServerIronADX(config)# show access-list 99
Standard IP access-list 99
ACL Remark: Deny Building A
deny host 1.2.3.4
Permit First Floor Users
permit host 5.6.7.8
deny host 5.10.11.12
permit any
To show all entries containing the keyword “deny” you obtain the following
output:
ServerIronADX(config)#show access-list 99 | include deny
Standard IP access-list 99
ACL Remark: Deny Building A
deny host 1.2.3.4
deny host 5.10.11.12
NOTE
All lines with the keyword “deny”, including remarks are included in the display.
Modifying ACLs
When you use the Brocade device’s CLI to configure any ACL, the software places the ACL entries in
the ACL in the order you enter them. For example, if you enter the following entries in the order
shown below, the software always applies the entries to traffic in the same order.
ServerIronADX(config)# access-list 1 deny 209.157.22.0/24
ServerIronADX(config)# access-list 1 permit 209.157.22.26
If a packet matches the first ACL entry in this ACL and is therefore denied, the software does not
compare the packet to the remaining ACL entries. In this example, packets from host
209.157.22.26 will always be dropped, even though packets from this host match the second
entry.