Brocade Converged Enhanced Ethernet Administrator's Guide v6.1.2_cee (53-1001258-01, June 2009)
Table Of Contents
- Contents
- Figures
- Tables
- About This Document
- Introducing FCoE
- Using the CEE CLI
- In this chapter
- CEE CLI configuration guidelines and restrictions
- Using the CEE command line interface (CLI)
- CEE CLI RBAC permissions
- Accessing the CEE CLI through the console interface or through a Telnet session
- Accessing the CEE CLI from the Fabric OS shell
- Accessing CEE CLI command modes
- Using CEE CLI keyboard shortcuts
- Displaying CEE CLI commands and command syntax
- Using CEE CLI command completion
- CEE CLI command syntax conventions
- Using CEE CLI command output modifiers
- Configuring VLANs Using the CEE CLI
- In this chapter
- VLAN overview
- Ingress VLAN filtering
- VLAN configuration guidelines and restrictions
- Default VLAN configuration
- VLAN configuration procedures
- Enabling and disabling a CEE interface
- Configuring the MTU on a CEE interface
- Creating a VLAN interface
- Configuring a VLAN interface to forward FCoE traffic
- Configuring a CEE interface as a Layer 2 switch port
- Configuring a CEE interface as an access interface or a trunk interface
- Configuring VLAN classifier rules
- Configuring VLAN classifier groups
- Associating a VLAN classifier group to a CEE interface
- Clearing VLAN counter statistics
- Displaying VLAN information
- Configuring the MAC address table
- Configuring STP, RSTP, and MSTP using the CEE CLI
- In this chapter
- STP overview
- RSTP overview
- MSTP overview
- STP, RSTP, and MSTP configuration guidelines and restrictions
- Default STP, RSTP, and MSTP configuration
- STP, RSTP, and MSTP configuration procedures
- STP, RSTP, and MSTP-specific configuration procedures
- STP and RSTP-specific configuration procedures
- RSTP and MSTP-specific configuration procedures
- MSTP-specific configuration procedures
- 10-Gigabit Ethernet CEE interface-specific configuration
- Global STP, RSTP, and MSTP-related configuration procedures
- Clearing STP, RSTP, and MSTP-related information
- Displaying STP, RSTP, and MSTP-related information
- Configuring Link Aggregation using the CEE CLI
- Configuring LLDP using the CEE CLI
- Configuring ACLs using the CEE CLI
- In this chapter
- ACL overview
- Default ACL configuration
- ACL configuration guidelines and restrictions
- ACL configuration procedures
- Creating a standard MAC ACL and adding rules
- Creating an extended MAC ACL and adding rules
- Modifying a MAC ACL
- Removing a MAC ACL
- Reordering the sequence numbers in a MAC ACL
- Applying a MAC ACL to a CEE interface
- Applying a MAC ACL to a VLAN interface
- Clearing MAC ACL counters
- Displaying MAC ACL information
- Configuring QoS using the CEE CLI
- Configuring FCoE using the Fabric OS CLI
- Administering the switch
- Configuring RMON using the CEE CLI
- Index
98 Converged Enhanced Ethernet Administrator’s Guide
53-1001258-01
ACL configuration procedures
7
Modifying a MAC ACL
With existing MAC ACLs, you can add and remove rules. You cannot change existing rules, however,
you can remove the rule and then recreate it with the desired changes.
If you need to add more rules between existing rules than the current sequence numbering allows,
you can use the resequence command to reassign sequence numbers. For detailed information,
see “Reordering the sequence numbers in a MAC ACL” on page 99.
NOTE
Using the permit and deny keywords, you can create many different rules. The examples in this
section provide the basic knowledge needed to modify MAC ACLs.
To modify a MAC ACL, perform the following steps from Privileged EXEC mode:
7. Create a rule in the MAC ACL to permit or deny
the host source MAC address and the host
destination MAC address. Additionally:
• You can access control by EtherType (ipv4,
fcoe, arp or custom EtherType). Custom
EtherType values range between 1536 and
65535.
• Use the count option for the rule to show
how many packets hit that entry.
switch(conf-macl-ext)#{permit | deny}
host HHHH.HHHH.HHHH host
HHHH.HHHH.HHHH [custom EtherType value
| arp | count | ipv4 | fcoe]
8. Use the seq option to insert a rule anywhere in
the MAC ACL.
switch(conf-macl-std)#seq 5 {permit |
deny} HHHH.HHHH.HHHH HHHH.HHHH.HHHH
Step Task Command
1. Enter global configuration mode. switch#config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
2. Specify the ACL that you want to modify. In this
example, the extended MAC ACL name is
“test_02.”
switch(config)#mac access-list
extended test_02
switch(conf-macl-ext)#
3. Create a rule in the MAC ACL. Use a sequence
number to specify a position for the rule in the
ACL. Without a sequence number, the rule is
added to the end of the rules.
Example:
switch(conf-macl-ext)#seq 100 deny any
any
4. Remove a rule from the MAC ACL. switch(conf-macl-ext)#no seq 100
switch(conf-macl-ext)#
5. Modify sequence number 100 by recreating it
with new parameters.
switch(conf-macl-ext)#seq 100 permit
any any
Step Task Command