Manualshelf

Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesBigIron RX Series
711712713714715716717718719720
BigIron RX Series Configuration Guide 633
53-1002484-04
Applying ACLs to interfaces
22
Applying ACLs to interfaces
Configuration examples in the section “Configuring numbered and named ACLs” on page 600
show that you apply ACLs to interfaces using the ip access-group command. This section present
additional information about applying ACLs to interfaces. Configuration examples for super ACLs
appear in the section “Configuring super ACLs” on page 613.
Reapplying modified ACLs
If you make an ACL configuration change, you must reapply the ACLs to their interfaces for the
change to take effect.
An ACL configuration change includes any of the following:
Adding, changing, or removing an ACL or an entry in an ACL
Changing a PBR policy
Changing ToS-based QoS mappings
ACL automatic rebind
ACL automatic rebind feature allows the newly changed ACL filter definitions to be automatically
applied to the ports where the ACL was bound without using the “ip rebind-acl” command.
NOTE
Brocade recommends that this feature only be used when a small number of ACL filters are
configured, otherwise a delay may be observed.
Enter commands such as the following to enable ACL automatic rebind.
BigIron RX(config)# auto-acl-rebind
Syntax: [no] auto-acl-rebind
Manually setting the ACL rebind
To reapply ACLs following an ACL configuration change, enter the following command at the global
CONFIG level of the CLI.
BigIron RX(config)# ip rebind-acl all
Syntax: [no] ip rebind-acl <num> | <name> | all
Applying ACLs to a virtual routing interface
You can apply an ACL to a virtual routing interface for the inbound traffic direction only. The virtual
interface is used for routing between VLANs, and contains all the ports within the VLAN. You also
can specify a subset of ports within the VLAN containing a specified virtual interface when
assigning an ACL to that virtual interface.
Use this feature when you do not want the ACLs to apply to all the ports in the virtual interface’s
VLAN or when you want to streamline ACL performance for the VLAN.