Manualshelf

Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron
1771177217731774177517761777177817791780
1718 FastIron Configuration Guide
53-1002494-02
Extended numbered ACL configuration
The 802.1p-priority-matching option inspects the 802.1p bit in the ACL that can be used with
adaptive rate limiting. Enter a value from 0 – 7. For details, refer to “Inspecting the 802.1p bit in the
ACL for adaptive rate limiting” on page 1781.
The dscp-cos-mapping option maps the DSCP value in incoming packets to a hardware table that
provides mapping of each of the 0 – 63 DSCP values, and distributes them among eight traffic
classes (internal priorities) and eight 802.1p priorities.
NOTE
The dscp-cos-mapping option overrides port-based priority settings.
NOTE
The dscp-cos-mapping option is not supported for FCX devices. The dscp-cos-mapping option is
supported on FESX and FSX devices only.
The dscp-marking option enables you to configure an ACL that marks matching packets with a
specified DSCP value. Enter a value from 0 – 63. Refer to “Using an IP ACL to mark DSCP values
(DSCP marking)” on page 1742.
The dscp-matching option matches on the packet’s DSCP value. Enter a value from 0 – 63. This
option does not change the packet’s forwarding priority through the device or mark the packet.
Refer to “DSCP matching” on page 1744.
The log parameter enables SNMP traps and Syslog messages for inbound packets denied by the
ACL:
You can enable logging on inbound ACLs and filters that support logging even when the ACLs
and filters are already in use. To do so, re-enter the ACL or filter command and add the log
parameter to the end of the ACL or filter. The software replaces the ACL or filter command with
the new one. The new ACL or filter, with logging enabled, takes effect immediately.
The traffic-policy option enables the device to rate limit inbound traffic and to count the packets
and bytes per packet to which ACL permit or deny clauses are applied. For configuration
procedures and examples, refer to the chapter “Traffic Policies” on page 1773.
Configuration examples for extended numbered ACLs
To configure an extended access control list that blocks all Telnet traffic received on port 1/1 from
IP host 209.157.22.26, enter the following commands.
Here is another example of commands for configuring an extended ACL and applying it to an
interface. These examples show many of the syntax choices. Notice that some of the entries are
configured to generate log entries while other entries are not thus configured.
Brocade(config)#access-list 101 deny tcp host 209.157.22.26 any eq telnet log
Brocade(config)#access-list 101 permit ip any any
Brocade(config)#int eth 1/1
Brocade(config-if-e1000-1/1)#ip access-group 101 in
Brocade(config)#write memory