Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00
81828384858687888990
ServerIron ADX NAT64 Configuration Guide 75
53-1002444-02
Modifying rule-based ACLs
5
DRAFT: BROCADE CONFIDENTIAL
access-list 1 deny host 209.157.22.26 log
access-list 1 deny 209.157.22.0 0.0.0.255 log
access-list 1 permit any
access-list 101 deny tcp any any eq http log
The software will apply the entries in ACL 1 in the order shown and stop at the first match.
Thus, if a packet is denied by one of the first three entries, the packet will not be permitted by
the fourth entry, even if the packet matches the comparison values in this entry.
4. Enter the command end on a separate line at the end of the file. This command indicates to
the software that the entire ACL list has been read from the file.
5. Save the text file.
6. On the Foundry device, enter the following command at the Privileged EXEC level of the CLI.
copy tftp running-config <tftp-ip-addr> <filename>
NOTE
This command will be unsuccessful if you place any commands other than access-list and end
(at the end only) in the file. These are the only commands that are valid in a file you load using
the copy tftp running-config command.
7. To save the changes to the device’s startup-config file, enter the following command at the
Privileged EXEC level of the CLI.
write memory
Here is a complete example of an ACL configuration file.
no access-list 1
no access-list 101
access-list 1 deny host 209.157.22.26 log
access-list 1 deny 209.157.22.0 0.0.0.255 log
access-list 1 permit any
access-list 101 deny tcp any any eq http log
end
NOTE
Do not place other commands in the file. The Foundry device reads only the ACL information in the
file and ignores other commands, including ip access-group commands. To assign ACLs to
interfaces, use the CLI.
Applying ACLs to interfaces
Configuration examples in the section “Configuring rule-based ACLs” on page 65 show that you
apply ACLs to interfaces using the ip access-group command.
If you make an ACL configuration change, you must reapply the ACLs to their interfaces to place the
change into effect.
An ACL configuration change includes any of the following:
Adding, changing, or removing an ACL or an entry in an ACL
Changing a PBR policy
To reapply ACLs following an ACL configuration change, enter the following command at the global
CONFIG level of the CLI.
ServerIronADX(config)# ip rebind-acl all