Brocade Converged Enhanced Ethernet Administrator's Guide v6.1.2_cee (53-1001258-01, June 2009)
Table Of Contents
- Contents
- Figures
- Tables
- About This Document
- Introducing FCoE
- Using the CEE CLI
- In this chapter
- CEE CLI configuration guidelines and restrictions
- Using the CEE command line interface (CLI)
- CEE CLI RBAC permissions
- Accessing the CEE CLI through the console interface or through a Telnet session
- Accessing the CEE CLI from the Fabric OS shell
- Accessing CEE CLI command modes
- Using CEE CLI keyboard shortcuts
- Displaying CEE CLI commands and command syntax
- Using CEE CLI command completion
- CEE CLI command syntax conventions
- Using CEE CLI command output modifiers
- Configuring VLANs Using the CEE CLI
- In this chapter
- VLAN overview
- Ingress VLAN filtering
- VLAN configuration guidelines and restrictions
- Default VLAN configuration
- VLAN configuration procedures
- Enabling and disabling a CEE interface
- Configuring the MTU on a CEE interface
- Creating a VLAN interface
- Configuring a VLAN interface to forward FCoE traffic
- Configuring a CEE interface as a Layer 2 switch port
- Configuring a CEE interface as an access interface or a trunk interface
- Configuring VLAN classifier rules
- Configuring VLAN classifier groups
- Associating a VLAN classifier group to a CEE interface
- Clearing VLAN counter statistics
- Displaying VLAN information
- Configuring the MAC address table
- Configuring STP, RSTP, and MSTP using the CEE CLI
- In this chapter
- STP overview
- RSTP overview
- MSTP overview
- STP, RSTP, and MSTP configuration guidelines and restrictions
- Default STP, RSTP, and MSTP configuration
- STP, RSTP, and MSTP configuration procedures
- STP, RSTP, and MSTP-specific configuration procedures
- STP and RSTP-specific configuration procedures
- RSTP and MSTP-specific configuration procedures
- MSTP-specific configuration procedures
- 10-Gigabit Ethernet CEE interface-specific configuration
- Global STP, RSTP, and MSTP-related configuration procedures
- Clearing STP, RSTP, and MSTP-related information
- Displaying STP, RSTP, and MSTP-related information
- Configuring Link Aggregation using the CEE CLI
- Configuring LLDP using the CEE CLI
- Configuring ACLs using the CEE CLI
- In this chapter
- ACL overview
- Default ACL configuration
- ACL configuration guidelines and restrictions
- ACL configuration procedures
- Creating a standard MAC ACL and adding rules
- Creating an extended MAC ACL and adding rules
- Modifying a MAC ACL
- Removing a MAC ACL
- Reordering the sequence numbers in a MAC ACL
- Applying a MAC ACL to a CEE interface
- Applying a MAC ACL to a VLAN interface
- Clearing MAC ACL counters
- Displaying MAC ACL information
- Configuring QoS using the CEE CLI
- Configuring FCoE using the Fabric OS CLI
- Administering the switch
- Configuring RMON using the CEE CLI
- Index
Converged Enhanced Ethernet Administrator’s Guide 93
53-1001258-01
Chapter
7Configuring ACLs using the CEE CLI
In this chapter
•ACL overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
•Default ACL configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
•ACL configuration guidelines and restrictions . . . . . . . . . . . . . . . . . . . . . . . . 94
•ACL configuration procedures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
ACL overview
NOTE
In the Brocade Fabric OS v6.1.2_cee release, only Layer 2 MAC access control lists (ACLs) are
supported.
ACLs filter traffic for the Brocade 8000 CEE switch and permit or deny incoming packets from
passing through interfaces that have the ACLs applied to them. You can apply ACLs on VLANs and
on Layer 2 interfaces. Each ACL is a unique collection of permit and deny statements (rules) that
apply to packets. When a packet is received on an interface, the switch compares the fields in the
packet against any ACLs applied to the interface to verify that the packet has the required
permissions to be forwarded. The switch compares the packet, sequentially, against each rule in
the ACL and either forwards the packet or drops the packet.
The switch examines ACLs associated with features configured on a given interface. As packets
enter the switch on an interface, ACLs associated with all inbound features configured on that
interface are examined. With MAC ACLs you can identify and filter traffic based on the MAC
address, EtherType, and Layer 2 protocol-specific information such as VLAN ID.
The primary benefits of ACLs are as follows:
• Provide a measure of security.
• Save network resources by reducing traffic.
• Block unwanted traffic or users.
• Reduce the chance of denial of service (DOS) attacks.