
FastIron Configuration Guide 1733
53-1002494-02
Enabling ACL support for switched traffic in the router image
NOTE
The bridged-routed CLI parameter applies to FSX and FESX devices only. For FWS, Brocade FCX
Series and ICX devices, ACL support for switched traffic in the router image is enabled by default.
There is no command to enable or disable it.
For outbound traffic, ACL support is enabled on switched traffic by default. The bridged-routed
command is not applicable.
By default, when an ACL is applied to a physical or virtual routing interface, the Brocade Layer 3
device filters routed traffic only. It does not filter traffic that is switched from one port to another
within the same VLAN or virtual routing interface, even if an ACL is applied to the interface.
You can enable the device to filter switched traffic within a VLAN or virtual routing interface. When
filtering is enabled, the device uses the ACLs applied to inbound traffic to filter traffic received by a
port from another port in the same virtual routing interface.
To enable this feature, enter a command such as the following.
Brocade(config)# access-list 101 bridged-routed
Applying the ACL rule above to an interface enables filtering of traffic switched within a VLAN or
virtual routing interface.
Syntax: [no] access-list <ACL-ID> bridged-routed
The <ACL-ID> parameter specifies a standard or extended numbered or named ACL.
You can use the bridged-routed feature in conjunction with enable ACL-per-port-per-vlan to assign
an ACL to specific ports of a VLAN under the virtual interface configuration level. In this case, all of
the Layer 3 traffic (bridged and routed) on those ports is filtered by the ACL. The following shows
an example configuration.
Brocade(config)#vlan 101 by port
Brocade(config-vlan-101)#tagged ethernet 1 to 4
Brocade(config-vlan-101)#router-interface ve 101
Brocade(config-vlan-101)#exit
Brocade(config)#enable ACL-per-port-per-vlan
Brocade(config)#access-list 101 bridged-routed
Brocade(config)#write memory
Brocade(config)#exit
Brocade#reload
...
Brocade(config-vif-101)#ip access-group 1 in ethernet 1 ethernet 3 ethernet 4
NOTE
For FastIron X Series devices, the enable ACL-per-port-per-vlan command must be followed by the
write memory and reload commands to place the change into effect.
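The practical risk described above is that an ACL bound inbound to a virtual routing interface on an FSX or FESX device filters only routed traffic unless the ACL also carries the bridged-routed option, so hosts in the same VLAN can still reach each other unfiltered. The following audit script is an added example, not part of this guide or of any Brocade tooling: it parses a constructed running-config excerpt (invented for this example) in the command forms shown on this page, collects the ACL IDs that have bridged-routed set, and reports every ACL applied with ip access-group ... in under an interface ve that lacks it. It assumes the device is one where the bridged-routed option matters (FSX/FESX); on FWS, FCX and ICX the behaviour is on by default and the finding would be a false positive.

```python
import re

# Constructed sample running-config excerpt (not captured from a real device).
# It uses the command forms from this page: "access-list <id> bridged-routed"
# at the top level and "ip access-group <id> in ..." under "interface ve <n>".
SAMPLE_CONFIG = """\
vlan 101 by port
 tagged ethe 1 to 4
 router-interface ve 101
!
vlan 102 by port
 tagged ethe 5 to 6
 router-interface ve 102
!
enable ACL-per-port-per-vlan
access-list 101 bridged-routed
access-list 101 deny ip 10.0.0.0 0.0.0.255 any
access-list 101 permit ip any any
access-list 102 permit ip any any
!
interface ve 101
 ip address 10.1.1.1 255.255.255.0
 ip access-group 101 in ethernet 1 ethernet 3 ethernet 4
!
interface ve 102
 ip address 10.2.2.1 255.255.255.0
 ip access-group 102 in
!
"""

# Top-level "access-list <ACL-ID> bridged-routed" (numbered or named ACL ID).
ACL_BRIDGED_RE = re.compile(r"^access-list\s+(\S+)\s+bridged-routed\s*$")
# Top-level "interface ve <n>" block header.
IFACE_RE = re.compile(r"^interface\s+(ve\s+\d+)\s*$")
# Indented "ip access-group <ACL-ID> in [ethernet ...]" inside an interface block.
ACCESS_GROUP_RE = re.compile(r"^\s+ip\s+access-group\s+(\S+)\s+in\b")


def bridged_routed_acls(config):
    """Return the set of ACL IDs that have the bridged-routed option enabled."""
    found = set()
    for line in config.splitlines():
        m = ACL_BRIDGED_RE.match(line.strip())
        if m:
            found.add(m.group(1))
    return found


def inbound_ve_acls(config):
    """Map each 've N' interface to the ACL IDs bound with 'ip access-group <id> in'."""
    bindings = {}
    current = None
    for line in config.splitlines():
        if not line.startswith(" "):
            # A non-indented line ends the previous block; it may open a new ve block.
            m = IFACE_RE.match(line)
            current = m.group(1) if m else None
            continue
        if current is None:
            continue
        m = ACCESS_GROUP_RE.match(line)
        if m:
            bindings.setdefault(current, []).append(m.group(1))
    return bindings


def find_unfiltered_switched_traffic(config):
    """List (interface, acl_id) pairs where an inbound ACL on a ve interface lacks
    bridged-routed, i.e. traffic switched within that VLAN is not filtered by it."""
    bridged = bridged_routed_acls(config)
    gaps = []
    for iface, acls in inbound_ve_acls(config).items():
        for acl in acls:
            if acl not in bridged:
                gaps.append((iface, acl))
    return gaps


if __name__ == "__main__":
    for iface, acl in find_unfiltered_switched_traffic(SAMPLE_CONFIG):
        print(f"{iface}: ACL {acl} applied inbound without bridged-routed; "
              f"switched intra-VLAN traffic is not filtered")
```

On the constructed sample the script flags ve 102, whose ACL 102 is applied inbound but never given the bridged-routed option, while ve 101 passes. Run it against a saved running-config instead of SAMPLE_CONFIG to audit a real device; the regular expressions only recognise the exact forms shown on this page, so named ACLs or other interface types would need the patterns extended.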