Reference v4.1.0 Instruction Manual

648 Network OS Command Reference
53-1003115-01
seq (standard IP ACLs)
Inserts a rule anywhere in the IP ACL.
Synopsis seq value {deny | permit | hard-drop} [any | A:B:C:D:E:F:H:I/prefix_len | host SIP_address | SIP_address mask] [count] [log]
no seq value {deny | permit | hard-drop} [any | A:B:C:D:E:F:H:I/prefix_len | host SIP_address | SIP_address mask] [count] [log]
Operands value Specifies the sequence number for the rule. Valid values range from 0
through 4294967295.
permit Specifies rules to permit traffic.
deny Specifies rules to deny traffic.
hard-drop Drops the packet absolutely and can override the control packet trap
entries, but does not override the permit entry that occurs before this rule
in the ACL.
any Specifies any source MAC or IP address.
host SIP_address Specifies the source host IP address for which to set permit or deny
conditions.
SIP_mask Specifies the destination host IP address for which to set permit or deny
conditions. The address can also be entered as an IP address, or an
IP address with a mask. The mask value can be entered in Classless
Interdomain Routing (CIDR) format, or in wildcard mask format.
For example, the following two entries yield the same results. The CIDR
equivalent of “209.157.22.26 0.0.0.255” is “209.157.22.26/24”.
In wildcard format, you can mask for any bit. For example, 0.255.0.255 is
valid.
count Enables the counting of the packets matching the rule.
log Packets matching the filter are sent to the CPU and a corresponding log
entry is generated by enabling the logging mechanism. This parameter is
only available with permit and deny.
remark comment An ASCII string 0 to 256 characters in length.
Defaults No IP ACLs are configured.
Command Modes Feature Access Control List configuration mode
Description Use this command to configure rules to match and permit or drop traffic based on source and
destination IP address and protocol type. You can also enable counters for a specific rule. There
are 255 ACL counters supported per port group.
Usage Guidelines Enter no seq value {deny | permit | hard-drop} [any | A:B:C:D:E:F:H:I/prefix_len | host SIP_address | SIP_address mask] [count] [log] to remove a rule from the IP ACL.
Examples None
See Also seq (extended MAC ACLs)
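
The CIDR and wildcard-mask equivalence described under SIP_mask, shown as an added example that is not part of the manual: a Python sketch for auditing rule sources, assuming IPv4 addresses only. The helper names parse_source, matches and wildcard_to_prefix_len are hypothetical.

```python
import ipaddress

def parse_source(spec):
    """Return (address, wildcard) as ints for an IPv4 source specifier.

    Accepts the forms in the synopsis: 'any', 'host A.B.C.D',
    'A.B.C.D W.X.Y.Z' (wildcard mask) and 'A.B.C.D/len' (CIDR).
    A wildcard bit set to 1 means that address bit is ignored.
    """
    parts = spec.split()
    if parts == ["any"]:
        return 0, 0xFFFFFFFF
    if len(parts) == 2 and parts[0] == "host":
        return int(ipaddress.IPv4Address(parts[1])), 0
    if len(parts) == 2:
        return (int(ipaddress.IPv4Address(parts[0])),
                int(ipaddress.IPv4Address(parts[1])))
    if len(parts) == 1 and "/" in parts[0]:
        iface = ipaddress.IPv4Interface(parts[0])
        return int(iface.ip), int(iface.network.hostmask)
    raise ValueError(f"unrecognised source specifier: {spec!r}")

def matches(spec, source_ip):
    """True if source_ip is selected by the rule's source specifier."""
    addr, wild = parse_source(spec)
    care = ~wild & 0xFFFFFFFF          # bits that must be equal
    return (int(ipaddress.IPv4Address(source_ip)) & care) == (addr & care)

def wildcard_to_prefix_len(wildcard):
    """Prefix length for a contiguous wildcard mask, else None."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):                    # contiguous masks are 2**k - 1
        return None
    return 32 - w.bit_length()

if __name__ == "__main__":
    # Constructed sample addresses; the two rule sources are from the manual.
    for spec in ("209.157.22.26 0.0.0.255", "209.157.22.26/24",
                 "209.157.22.26 0.255.0.255"):
        for ip in ("209.157.22.200", "209.99.22.7", "209.157.23.1"):
            print(f"{spec:28} {ip:16} {matches(spec, ip)}")
    print(wildcard_to_prefix_len("0.0.0.255"),
          wildcard_to_prefix_len("0.255.0.255"))
```

A wildcard mask for which wildcard_to_prefix_len returns None cannot be rewritten as a single CIDR prefix, so a review of such a rule has to enumerate the address ranges it actually covers.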