Configuration Guide User guide

FastIron Configuration Guide 1713
53-1002494-02
Standard named ACL configuration
The host <source-ip> | <hostname> parameter lets you specify a host IP address or name. When
you use this parameter, you do not need to specify the mask. A mask of all zeros (0.0.0.0) is
implied.
The any parameter configures the policy to match on all host addresses.
The log argument configures the device to generate Syslog entries and SNMP traps for inbound
packets that are denied by the access policy.
NOTE
You can enable logging on inbound ACLs and filters that support logging even when the ACLs and
filters are already in use. To do so, re-enter the ACL or filter command and add the log parameter to
the end of the ACL or filter. The software replaces the ACL or filter command with the new one. The
new ACL or filter, with logging enabled, takes effect immediately.
The in | out parameter applies the ACL to incoming or outgoing traffic on the interface to which you
apply the ACL. You can apply the ACL to an Ethernet port or virtual interface.
NOTE
If the ACL is bound to a virtual routing interface, you also can specify a subset of ports within the
VLAN containing that interface when assigning an ACL to the interface. See “Enabling ACL filtering
based on VLAN membership or VE port membership” on page 1734 for further details.
Configuration example for standard named ACLs
To configure a standard named ACL, enter commands such as the following.
The commands in this example configure a standard ACL named “Net1”. The entries in this ACL
deny packets from three source IP addresses from being forwarded on port 1. Since the implicit
action for an ACL is “deny”, the last ACL entry in this ACL permits all packets that are not explicitly
denied by the first three ACL entries. For an example of how to configure the same entries in a
numbered ACL, refer to “Configuring standard numbered ACLs” on page 1709.
Notice that the command prompt changes after you enter the ACL type and name. The “std” in the
command prompt indicates that you are configuring entries for a standard ACL. For an extended
ACL, this part of the command prompt is “ext”. The “nACL” indicates that you are configuring a
named ACL.
Brocade(config)#ip access-list standard Net1
Brocade(config-std-nACL)#deny host 209.157.22.26 log
Brocade(config-std-nACL)#deny 209.157.29.12 log
Brocade(config-std-nACL)#deny host IPHost1 log
Brocade(config-std-nACL)#permit any
Brocade(config-std-nACL)#exit
Brocade(config)#int eth 1/1
Brocade(config-if-e1000-1/1)#ip access-group Net1 in
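The following is an added example, not part of the Brocade guide, that models the first-match, implicit-deny and logging behaviour described above for the Net1 entries so they can be checked offline before binding the ACL to a port. The host table (IPHost1 to 209.157.22.40) and the sample packets are constructed for this example; the device resolves names itself, and the optional wildcard-mask form is assumed from the general standard-ACL syntax rather than taken from this page.

```python
import ipaddress

# Constructed host table: the guide's third entry uses the name IPHost1, not an address.
HOSTS = {"IPHost1": "209.157.22.40"}

# The Net1 entries exactly as entered on the page, in order (first match wins).
NET1 = [
    "deny host 209.157.22.26 log",
    "deny 209.157.29.12 log",
    "deny host IPHost1 log",
    "permit any",
]

def to_int(addr):
    """Resolve a name via the constructed host table and return the address as an int."""
    return int(ipaddress.IPv4Address(HOSTS.get(addr, addr)))

def parse_entry(line):
    """Return (action, base, wildcard, log) for one standard ACL entry."""
    tokens = line.split()
    action, rest = tokens[0], tokens[1:]
    log = rest[-1] == "log"
    if log:
        rest = rest[:-1]
    if rest[0] == "any":
        base, wildcard = 0, 0xFFFFFFFF          # every address bit is "don't care"
    elif rest[0] == "host":
        base, wildcard = to_int(rest[1]), 0     # 'host' implies a mask of 0.0.0.0
    else:
        base = to_int(rest[0])
        # Optional wildcard mask (assumed syntax); omitted mask is treated as 0.0.0.0.
        wildcard = to_int(rest[1]) if len(rest) > 1 else 0
    return action, base, wildcard, log

def evaluate(acl_lines, src_ip):
    """Apply the ACL to one inbound packet; returns (action, syslog_text_or_None)."""
    pkt = to_int(src_ip)
    for line in acl_lines:
        action, base, wildcard, log = parse_entry(line)
        care = 0xFFFFFFFF ^ wildcard            # bits that must match exactly
        if (pkt & care) == (base & care):
            msg = None
            if action == "deny" and log:
                # 'log' generates Syslog entries (and SNMP traps) for denied inbound packets
                msg = f"ACL Net1 denied inbound packet from {src_ip} (entry: {line})"
            return action, msg
    # Every ACL ends with an implicit deny; nothing is logged for it.
    return "deny", None
```

Dropping the final `permit any` entry (`NET1[:3]`) shows why the guide includes it: with only the three deny entries, every other source falls through to the implicit deny.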