Configuration Guide User guide

xlii FastIron Configuration Guide
53-1002494-02
Extended numbered ACL configuration ..... 1714
Extended numbered ACL syntax ..... 1714
Configuration examples for extended numbered ACLs ..... 1718
Extended named ACL configuration ..... 1720
Extended named ACL syntax ..... 1721
Configuration example for extended named ACLs ..... 1725
Applying egress ACLs to Control (CPU) traffic ..... 1725
Preserving user input for ACL TCP/UDP port numbers ..... 1725
ACL comment text management ..... 1726
Adding a comment to an entry in a numbered ACL ..... 1726
Adding a comment to an entry in a named ACL ..... 1727
Deleting a comment from an ACL entry ..... 1727
Viewing comments in an ACL ..... 1727
Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN ..... 1728
ACL logging ..... 1729
Enabling strict control of ACL filtering of fragmented packets ..... 1732
Enabling ACL support for switched traffic in the router image ..... 1733
Enabling ACL filtering based on VLAN membership or VE port membership ..... 1734
Configuration notes for ACL filtering ..... 1734
Applying an IPv4 ACL to specific VLAN members on a port (Layer 2 devices only) ..... 1734
Applying an IPv4 ACL to a subset of ports on a virtual interface (Layer 3 devices only) ..... 1735
ACLs to filter ARP packets ..... 1736
Configuration considerations for filtering ARP packets ..... 1737
Configuring ACLs for ARP filtering ..... 1737
Displaying ACL filters for ARP ..... 1738
Clearing the filter count ..... 1738
Filtering on IP precedence and ToS values ..... 1739
TCP flags - edge port security ..... 1739
QoS options for IP ACLs ..... 1740
Configuration notes for QoS options on FCX and ICX devices ..... 1740
Using an ACL to map the DSCP value (DSCP CoS mapping) ..... 1741
Using an IP ACL to mark DSCP values (DSCP marking) ..... 1742
DSCP matching ..... 1744
ACL-based rate limiting ..... 1744
ACL statistics ..... 1745
ACLs to control multicast features ..... 1745
Enabling and viewing hardware usage statistics for an ACL ..... 1745
Displaying ACL information ..... 1746
Troubleshooting ACLs ..... 1747