Manuals / Brocade Communications Systems / Computer Equipment / Network Card

Brocade Communications Systems 53-1002163-02 manual Default ACL configuration

Models: 53-1002163-02

1 168

Download 168 pages 40.76 Kb

Page 124

10 Default ACL configuration

MAC ACLs are supported on the following interface types:

•Physical interfaces

•Logical interfaces (LAGs)

•VLANs

Default ACL configuration

Table 22 lists the default ACL configuration.

TABLE 22	Default MAC ACL configuration

Parameter	Default setting

MAC ACLs	By default, no MAC ACLs are configured.

ACL configuration guidelines and restrictions

Follow these ACL configuration guidelines and restrictions when configuring ACLs:

•The order of the rules in an ACL is critical. The first rule that matches the traffic stops further processing of the frames.

•Standard ACLs and extended ACLs cannot have the same name.

ACL configuration and management

You need to enter either the copy running-configstartup-configcommand or the write memory command to save your configuration changes to Flash so that they are not lost if there is a system reload or power outage.

Creating a standard MAC ACL and adding rules

NOTE

You can use the resequence command to change all the sequence numbers assigned to the rules in a MAC ACL. For detailed information, see “Reordering the sequence numbers in a MAC ACL” on page 104.

To create a standard MAC ACL and add rules, perform the following steps from privileged EXEC mode.

1.Enter the configure terminal command to access global configuration mode.

2.Create a standard MAC ACL and enter ACL configuration mode.

In this example, the name of the standard MAC ACL is “test_01.”

switch(config)#mac access-list standard test_01

102	Converged Enhanced Ethernet Administrator’s Guide
	53-1002163-02

Image 124

Brocade Communications Systems 53-1002163-02 Default ACL configuration, ACL configuration guidelines and restrictions

Contents

Converged Enhanced Ethernet Brocade Communications Systems, Incorporated Title Publication number Summary of changes DateTitle Publication number Summary of changes Date Converged Enhanced Ethernet Administrator’s Guide Contents Chapter Using the CEE CLI This chapterChapter Initial FCoE and CEE Configuration Chapter Configuring STP, RSTP, and Mstp Chapter Configuring Link Aggregation 101 107127 123131 Appendix a Strict priority schedule two queues Strict priority and Weighted Round Robin schedulerWRR schedule two queues Page Tables Page Configuring VLANs, describes how to configure VLANs About This DocumentThis chapter How this document is organizedSupported hardware and software What’s new in this documentDocument conventions Command syntax conventionsText formatting Key terms Additional informationCorporation Referenced Trademarks and Products Brocade resources Getting technical helpOther industry resources Document feedback FT00X0054E9Introducing FCoE FCoE terminologyFCoE overview Term DescriptionFCoE hardware Layer 2 forwarding Layer 2 Ethernet overviewLayer 2 Ethernet overview Vlan tagging Loop-free network environmentFrame classification incoming Congestion control and queuingConverged Enhanced Ethernet Administrator’s Guide Access control TrunkingFlow Control FCoE Initialization ProtocolFIP discovery FIP login FIP logoutFCoE login LogincfgFCoE logout FCoE Initialization ProtocolFC zoning Name serverRegistered State Change Notification Rscn Upgrade and downgrade considerations for FCoE FCoE queuingCEE Command Line Interface Using the CEE CLIManagement Tools Saving your configuration changes Accessing the CEE CLI through the console or TelnetSaving configuration changes with the copy command Saving configuration changes with the write memory commandCEE CLI command modes Accessing the CEE CLI from the Fabric OS shellTo return to the Fabric OS CLI, enter the following command Interface port-channel CEE Command Line Interface CEE CLI command modes CEE CLI keyboard shortcutsLists CEE CLI keyboard shortcuts Keystroke DescriptionUsing the do command as a shortcut Displaying CEE CLI commands and command syntaxCEE CLI command completion CEE CLI command output modifiersCEE Command Line Interface CEE CLI command output modifiers TeeConfiguration management tasks Configuration managementCEE configuration guidelines and restrictions Display the running configuration file Saving the running configuration fileLoading the startup configuration file Erasing the startup configuration fileFlash file management commands Debugging and logging commandsArchiving the startup configuration file Restore an archived startup configuration fileSwitch#show debug FCoE Configuration Management Managing the FCoE configurationFCoE configuration guidelines and restrictions This chapterConfiguring the FCoE login information Clearing loginsDisplaying FCoE configuration-related information Enabling or disabling login configuration managementCleaning up login groups and VNport mappings Managing the current configuration transactionDisplaying the FCoE login configuration Saving the current FCoE configuration Creating an FCoE login groupCreating an FCoE login group Modifying the FCoE login group device list Deleting an FCoE login groupRenaming an FCoE login group Perform the following task to delete an FCoE login groupCreating an FCoE login group End to End FCoE using FC ISLs Initial FCoE and CEE ConfigurationOverview FCoE Logical Port Numbering FCoE port-to-front end TenGigabit port mappingHigh availability Hot plugControl Processor failover Protocol type Time intervalHigh availability reference Operation, data, or state Expected behaviorConfiguring the FCoE interfaces Configuring the FCoE VlanAssigning an FCoE map onto an interface Show vlan fcoeConfiguring Dcbx Return to the privileged Exec mode using the end commandRepeat this procedure for any additional interfaces Activate the protocolConfiguring Vlan membership Configuring Spanning Tree ProtocolConfiguring Spanning Tree Protocol CEE map configuration Bandwidth%Activate the CEE map mode Defining a Priority Group Table mapDefine the CEE map for Pgid CoSPGIDApplying a CEE provisioning map to an interface Defining a Priority-Table mapVerifying the CEE maps CEE audit logs Activate privileged Exec modeName Example Description Page CEE audit logs Vlan overview Configuring VLANsIngress Vlan filtering Displays the frame processing logic for an incoming frame Default Vlan configuration Vlan configuration guidelines and restrictionsParameter Default setting Vlan configuration and management Configuring the MTU on an interface portEnabling and disabling an interface port Creating a Vlan interfaceEnabling STP on a Vlan Configuring a Vlan interface to forward FCoE trafficDisabling STP on a Vlan Configuring an interface port as an access interface Configuring an interface port as a Layer 2 switch portConfiguring an interface port as a trunk interface Configuring an interface port as a converged interface Disabling a Vlan on a trunk interfaceConfiguring protocol-based Vlan classifier rules Configuring protocol-based Vlan classifier rulesDisabling a Vlan on a converged interface Configuring a Vlan classifier rule Configuring MAC address-based Vlan classifier rulesDeleting a Vlan classifier rule Creating a Vlan classifier group and adding rulesConfiguring the MAC address table Activating a Vlan classifier group with an interface portClearing Vlan counter statistics Displaying Vlan informationSpecifying or disabling the aging time for MAC addresses Adding static addresses to the MAC address tableConfiguring the MAC address table Configuring STP, RSTP, and Mstp STP overviewConfiguring STP Rstp overview STP interface state Rstp interface stateActive topology? Is the interface learning MAC addresses?Configuring Rstp Mstp overview Mstp overviewConfiguring Mstp Default STP, RSTP, and Mstp configuration STP, RSTP, and Mstp configuration and management Enabling STP, RSTP, or MstpSTP, RSTP, and Mstp configuration and management Disabling STP, RSTP, or MstpShutting down STP, RSTP, or Mstp globally Specifying the bridge prioritySpecify the bridge forward delay Specifying the bridge forward delaySpecifying the bridge maximum aging time Enabling the error disable timeout timer Specifying the error disable timeout intervalEnable the error disable timeout timer Specifying the port-channel path costSpecifying the transmit hold count Rstp and Mstp Specifying the bridge hello time STP and RstpSpecify the port-channel path cost Disabling Cisco interoperability Mstp Enabling Cisco interoperability MstpMapping a Vlan to an Mstp instance Specifying a revision number for an Mstp configuration Enter the region command to assign a name to an Mstp regionSpecifying the maximum number of hops for a Bpdu Mstp Specifying a name for an Mstp regionClearing spanning tree counters Flushing MAC addresses Rstp and MstpClearing spanning tree-detected protocols Configuring STP, RSTP, or Mstp on CEE interface ports Configuring the path costDisplaying STP, RSTP, and MSTP-related information Enabling automatic edge detectionEnabling a port interface as an edge port Enabling the guard rootSpecifying the Mstp hello time Enter the no shutdown command to enable the CEE interfaceSpecifying restrictions for an Mstp instance Enabling port fast STP Specifying a link typeSpecifying the port priority Restricting the topology change notification Restricting the port from becoming a root portEnabling spanning tree Disabling spanning tree Configuring STP, RSTP, or Mstp on CEE interface ports Link Aggregation Group configuration Configuring Link AggregationLink aggregation overview Converged Enhanced Ethernet Administrator’s Guide Data Center Core Link Aggregation Control Protocol Dynamic link aggregationStatic link aggregation Brocade-proprietary aggregationLacp configuration guidelines and restrictions Default Lacp configurationLacp configuration and management LAG distribution processEnabling Lacp on an interface in Layer 2 mode Configuring the Lacp system priorityConfiguring the Lacp timeout period on a CEE interface Enter the switchport mode command to set the modeLacp troubleshooting tips Clearing Lacp counter statistics on a LAGClearing Lacp counter statistics on all LAG groups Displaying Lacp informationDeskew calculation failed for link link-name Configuring Lldp Lldp overviewLayer 2 topology mapping Layer 2 topology mappingDcbx overview Priority Flow Control PFC Enhanced Transmission Selection ETSPriority Priority group Bandwidth check Default Lldp configuration Lldp configuration guidelines and restrictionsDcbx interaction with other vendor devices Lldp configuration and management Disabling and resetting Lldp globallyConfiguring Lldp global command options Enabling Lldp globallySpecifying a system name for the Brocade FCoE hardware Specifying a user description for LldpConfiguring the hold time for receiving devices Configuring the transmit frequency of Lldp framesAdvertising the optional Lldp TLVs Configuring the advertisement of Lldp DCBX-related TLVs Configuring FCoE priority bitsAdvertise the Lldp DCBX-related TLVs using these commands Configure the FCoE priority bitsConfiguring iSCSI priority bits Configuring Lldp profilesConfiguring the iSCSI profile Clearing LLDP-related information Configuring Lldp interface-level command optionsDisplaying LLDP-related information Display Lldp interface-related information Display Lldp neighbor-related detail informationDisplay all Lldp statistics Lldp configuration and management Configuring ACLs ACL overviewDefault ACL configuration ACL configuration guidelines and restrictionsACL configuration and management Creating a standard MAC ACL and adding rulesCreating an extended MAC ACL and adding rules Modifying MAC ACL rulesRemoving a MAC ACL Enter the no seq command to delete the existing ruleReordering the sequence numbers in a MAC ACL Applying a MAC ACL to a CEE interface ACL configuration and managementApplying a MAC ACL to a Vlan interface ACL configuration and management Configuring QoS QoS overviewDefault user-priority mappings for untrusted interfaces RewritingQueueing User-priority mappingConfiguring the QoS trust mode Incoming CoS User PriorityCreating a CoS-to-CoS mutation QoS map Configuring user-priority mappingsApplying a CoS-to-CoS mutation QoS map Unicast traffic Traffic class mappingUser priority Traffic class Multicast traffic Mapping CoS-to-Traffic-ClassActivating a mapping CoS-to-Traffic-Class QueueingTail drop Congestion controlVerifying a mapping CoS-to-Traffic-Class Ethernet pause Changing the Tail Drop thresholdEthernet Priority Flow Control Enabling Ethernet PauseEnable trust mode on the interface Enable an Ethernet PFC on the interfaceMulticast rate limiting Enabling an Ethernet PFCScheduling Deficit weighted round robin schedulingStrict priority scheduling Traffic class scheduling policy Scheduling the QoS queueScheduling the QoS multicast queue Multicast queue schedulingMulticast traffic class Equivalent unicast traffic class Pgid Defining a priority-table map Defining a priority group tableSpecify the name of the CEE map to define Applying a CEE provisioning map to an interface Verifying the CEE maps802.1x configuration guidelines and restrictions Configuring 802.1x Port Authentication802.1x protocol overview 802.1x authentication configuration tasks Interface-specific administrative tasks forConfigure authentication Between the switch and CNA or NIC Configuring 802.1x on specific interface portsConfiguring 802.1x timeouts on specific interface ports Configure the timeout intervalEnable 802.1x authentication for the interface port Configure reauthentication for the interface portInterface-specific administrative tasks for About Igmp Configuring IgmpActive Igmp snooping Configuring Igmp Multicast routingConfiguring Igmp snooping querier Configuring Igmp snooping mrouterConfigure the mrouter timeout value Monitoring IgmpConfiguring Rmon Rmon configuration and managementDefault Rmon configuration Configuring Rmon group statistics collectionConfiguring Rmon settings Configuring Rmon eventsEnable the CEE interface Configure Rmon group statistics on the interfaceConfiguring Rmon history collection Rmon configuration and management Configure the Rmon eventActivate Rmon history collection for the interface Display the Rmon historyRmon configuration and management Brocade 8000 Replacement SwitchBrocade 8000 Replacement Enhanced Group Management licenseOriginalswitchadmin cfgactvshow Upload the startup-configfile to the new switch Bring the new switch back onlineUpload the running-configfile to the new switch Originalswitchadmin switchname originalswitch Brocade 8000 Replacement Index 802.1xQoS, 113 queuing FIP Layer LldpRadius Vlan