Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 84
- Page / 149
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
72 ServerIron ADX NAT64 Configuration Guide
53-1002444-02
Configuring rule-based ACLs
5
DRAFT: BROCADE CONFIDENTIAL
• <num>: A number from 0 through 15 that is the sum of the numeric values of the options you
want. The ToS field is a four-bit field following the Precedence field in the IP header. You can
specify one or more of the following. To select more than one option, enter the decimal value
that is equivalent to the sum of the numeric values of all the ToS options you want to select.
For example, to select the max-reliability and min-delay options, enter number 10. To select all
options, select 15.
The ip-pkt-len <value> parameter filters ICMP packets based on the IP packet length. The device
uses the <value> to match the total length field in the IP header of ICMP packets. You can specify a
value from 1 through 65535.
NOTE
This parameter applies only if you specified icmp as the <ip-protocol> value.
The log parameter enables SNMP traps and syslog messages for packets denied by the ACL.
You can enable logging on ACLs and filters that support logging even when the ACLs and filters are
already in use. To do so, re-enter the ACL or filter command and add the log parameter to the end
of the ACL or filter. The software replaces the ACL or filter command with the new one. The new ACL
or filter, with logging enabled, takes effect immediately.
Configuring standard or extended named ACLs
The configuration of named ACLs differs from the configuration of numbered ACLs in two significant
ways:
• Named ACL entries are configured using the ip access-list command. (Numbered ACL entries,
on the other hand, are configured using the access-list. command.)
• When you configure a named ACL, you must first specify the ACL type (standard or extended)
and the ACL name with one command, which places you in the configuration level for that ACL.
(Numbered ACL entries, on the other hand, may be configured on a single line.) Otherwise, the
command syntax for specifying named and numbered ACLs is the same.
The following configuration examples demonstrate the configuration of standard named ACLs and
extended named ACLs.
Configuration example for standard named ACL
To configure a named standard ACL entry, enter commands such as the following.
The commands in this example configure a standard ACL named “Net1”. The entries in this ACL
deny packets from three source IP addresses from being forwarded on port 1/1. Since the implicit
action for an ACL is “deny”, the last ACL entry in this ACL permits all packets that are not explicitly
denied by the first three ACL entries. For an example of how to configure the same entries in a
numbered ACL, refer to “Configuring standard numbered ACLs” on page 65.
ServerIronADX(config)# ip access-list standard Net1
ServerIronADX(config-std-nacl)# deny host 209.157.22.26 log
ServerIronADX(config-std-nacl)# deny 209.157.29.12 log
ServerIronADX(config-std-nacl)# deny host IPHost1 log
ServerIronADX(config-std-nacl)# permit any
ServerIronADX(config-std-nacl)# exit
ServerIronADX(config)# interface ethernet 1/1
ServerIronADX(config-if-1/1)# ip access-group Net1 out
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 9
- Command syntax conventions 10
- Notice to the reader 11
- Related publications 11
- Getting technical help 11
- NAT64 and NAT46 Overview 13
- Stateless NAT46 translation 14
- Protocol support 15
- NAT64 fragmentation support 17
- References 18
- Stateful NAT64 Configuration 19
- Operation of stateful NAT64 20
- 53-1002444-02 23
- Enabling connection logging 28
- Displaying NAT64 information 31
- Displaying NAT64 translations 32
- Displaying NAT64 statistics 33
- Displaying NAT64 resources 37
- Stateless NAT64 Configuration 39
- Operation of stateless NAT64 40
- High availability for NAT64 52
- Clearing NAT64 information 53
- Stateless NAT46 Configuration 55
- Operation of stateless NAT46 56
- High availability for NAT46 67
- Displaying NAT46 information 68
- Clearing NAT46 information 69
- Access Control Lists 71
- Rule-based ACLs 72
- Default ACL action 74
- ACL IDs and entries 74
- Configuring rule-based ACLs 77
- Modifying rule-based ACLs 85
- Reordering ACLs 86
- Applying ACLs to interfaces 87
- Adding comments to named ACLs 89
- ACL logging 94
- Displaying ACL log entries 95
- Clearing the ACL statistics 97
- Throttling the fragment rate 98
- DRAFT: BROCADE CONFIDENTIAL 100
- Enabling strict TCP mode 101
- Enabling strict UDP mode 102
- ACLs and ICMP 103
- Numbered ACLs 104
- Named ACLs 105
- • Enable the strict TCP mode 107
- IPv6 Access Control Lists 109
- Configuration notes 110
- Processing of IPv6 ACLs 110
- Configuring IPv6 ACLs 111
- IPv6 ACL syntax 114
- Syntax Description 116
- Displaying IPv6 ACLs 118
- Logging IPv6 ACLs 119
- Network Address Translation 121
- Configuring NAT 122
- Configuring static NAT 123
- Configuring dynamic NAT 123
- Enabling IP NAT 124
- NAT configuration examples 125
- IP NAT with VIP overlap 129
- Translation timeouts 130
- Stateless static IP NAT 132
- IP NAT redundancy 133
- Displaying NAT information 144
- Displaying NAT translation 147
- Displaying VRRPE information 148
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(16 pages)
(82 pages)© 2020, manymanuals.com. All rights reserved. | 0.221 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals