Brocade Network OS NETCONF Operations Guide v4.1.1 Manual de usuario Pagina 448
- Pagina / 622
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
416 Network OS NETCONF Operations Guide
53-1003231-02
IP ACL
28
Creating an extended IP or IPv6 ACL
To create an extended IP ACL, perform the following steps.
1. Issue the <edit-config> RPC to configure the <ip-acl> or <ipv6-acl> node in the
urn:brocade.com:mgmt:brocade-ip-access-list or
urn:brocade.com:mgmt:brocade-ipv6-access-list namespace, respectively.
2. Under the <ip-acl> or <ipv6-acl> node, include the <ip> or <ipv6> node element.
3. Under the <ip> or <ipv6> node, include the <access-list>/<extended> hierarchy of node
elements.
4. Under the <extended> node, include the <name> leaf element and set its value to the name of
the ACL you want to configure.
5. Under the <extended> element, specify a <seq> list element node for each rule you want to
add to the access list.
6. Under each <seq> node, include the following leaf elements.
a. In the <seq-id> element, set a sequence number for the rule to identify the rule and
determine the sequence in which rules are applied (lowest <seq-id> first).
b. In the <action> element, specify “deny” to create a rule in the IP ACL to drop traffic when
the rule conditions are met, “permit” to create a rule in the IP ACL to permit traffic, or
“hard-drop” to create a rule in the IP ACL to force drop traffic.
c. Additional elements that specify the source and destination switch or source and
destination ports for which traffic is permitted or denied.
For a complete list of <seq> node leaf elements, refer to the brocade-ip-access-list.yang file or
the brocade-ipv6-access-list.yang file.
The following example creates an extended IP ACL named extdACL5 that includes the following
rules:
• Rule 5 denies TCP traffic from host 10.24.26.145 or bound for port 23 on any destination host.
• Rule 7 denies TCP traffic from any source host on port 80 of any destination port.
• Rule 10 denies UDP traffic from any source host to ports in the range 10 through 25 on any
destination host.
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="2409" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<ip-acl xmlns="urn:brocade.com:mgmt:brocade-ip-access-list">
<ip>
<access-list>
<extended>
<name>extdACL5</name>
<seq>
<seq-id>5</seq-id>
<action>deny</action>
<protocol-type>tcp</protocol-type>
<src-host-any-sip>host</src-host-any-sip>
<src-host-ip>10.24.26.145</src-host-ip>
<dst-host-any-dip>any</dst-host-any-dip>
- Network OS 1
- Document History 2
- Contents (High Level) 3
- Contents (Detailed) 5
- Chapter 7 SNMP 8
- Chapter 8 Fabric 8
- Chapter 9 Metro VCS 8
- Chapter 13 VMware vCenter 10
- Chapter 19 Configuring AMPP 12
- Chapter 21 Configuring VLANs 13
- Chapter 22 Configuring VXLANs 14
- Chapter 25 Configuring UDLD 15
- Chapter 27 Configuring LLDP 16
- Chapter 28 Configuring ACLs 16
- Chapter 29 Configuring QoS 17
- Chapter 31 Configuring sFlow 18
- Chapter 32 IP Route Policy 18
- Chapter 34 Configuring OSPF 19
- Chapter 35 Configuring VRRP 19
- Section V Appendixes 20
- About This Document 27
- Document conventions 29
- Notes, cautions, and warnings 30
- Key terms 30
- Notice to the reader 31
- Additional information 31
- Getting technical help 32
- Document feedback 32
- Network OS Administration 33
- NETCONF Overview 35
- RPC request 37
- RPC reply 37
- RPC and error handling 38
- SSH subsystem 38
- RFC references 38
- NETCONF support in Network OS 39
- Basic NETCONF Operations 41
- Server capabilities 42
- Retrieving configuration data 43
- Subtree filtering 44
- Retrieving operational data 47
- Editing the configuration 50
- Managing the configuration 51
- Basic Switch Management 55
- Connecting to the switch 56
- Switch attributes 56
- Setting host attributes 57
- Rebooting a Brocade switch 59
- Replacing an interface module 61
- Configuring a switch banner 64
- </copy> 69
- </rpc-reply> 69
- Syslog server setup 70
- Adding syslog servers 71
- Removing a syslog server 74
- RASlog configuration 75
- Audit log configuration 77
- Network Time Protocol 79
- Time zone settings 80
- Evaluating a firmware upgrade 91
- ATTENTION 92
- Administering Licenses 97
- Obtaining a license key 98
- Reserving a port assignment 100
- 53-1003231-02 101
- In this chapter 105
- SNMP community strings 106
- Obtaining SNMP user names 108
- SNMP server hosts 109
- Removing the SNMP server host 111
- Enabling VCS Fabric mode 118
- Disabling VCS Fabric mode 118
- Enabling a fabric ISL 119
- Enabling a fabric trunk 120
- Disabling a fabric trunk 121
- Priorities 122
- Fabric ECMP load balancing 126
- Metro VCS 129
- Disabling a fabric ISL 130
- Administering Zones 133
- Default zoning access modes 134
- Zone database size 135
- Zone aliases 136
- Deleting an alias 141
- Zoning information 142
- Zone creation and management 147
- Adding a member to a zone 148
- Removing a member from a zone 149
- Deleting a zone 150
- Zone configuration management 151
- Enabling a zone configuration 154
- Deleting a zone configuration 155
- Zone configuration scenario 160
- • Cfg1 containing ZoneA only 161
- Compression 166
- Enabling a Fibre Channel port 168
- System Monitor Configuration 175
- FRU monitoring 176
- Alert notifications 180
- Configuring e-mail alerts 181
- To change the domain name: 183
- Resource monitoring 184
- Configuring CPU monitoring 185
- Security monitoring 186
- Interface monitoring 189
- Pausing interface monitoring 192
- VMware vCenter 195
- Step 2: Enabling CDP/LLDP 196
- Activating the vCenter 197
- Configuring Remote Monitoring 199
- Managing User Accounts 205
- Parameter Description 206
- Creating a user account 207
- Disabling a user account 209
- Deleting a user account 210
- Unlocking a user account 210
- Role-based access control 211
- User-defined roles 212
- Command access rules 214
- Rule processing 215
- Adding a rule 216
- Changing a rule 217
- Deleting a rule 217
- Verifying a rule 218
- Configuration examples 219
- Password policies 221
- Password encryption policy 222
- Account lockout policy 224
- Managing password policies 226
- Security event logging 228
- Login authentication mode 230
- TACACS+ servers 241
- TACACS+ accounting 243
- Enabling command accounting 244
- Disabling accounting 246
- Server authentication 247
- Deleting CA certificates 248
- FIPS compliance 249
- Active Directory groups 251
- Fabric Authentication 255
- Removing shared secrets 257
- Creating a defined SCC policy 260
- Modifying the SCC policy 261
- Activating the SCC policy 261
- Removing the SCC policy 263
- Edge-loop detection overview 267
- Configuring AMPP 273
- 7. Activate the profile 275
- Configuring VLAN profiles 276
- 3. Activate the profile 278
- Configuring FCoE profiles 281
- Configuring QoS profiles 282
- Configuring security profiles 286
- Deleting a port-profile 289
- Deleting a subprofile 291
- Deleting a port-profile-port 297
- Configuring FCoE Interfaces 303
- Configuring FCoE interfaces 304
- Obtaining FCoE status 307
- Configuring VLANs 309
- Creating a VLAN interface 312
- Enabling STP on a VLAN 312
- Disabling STP on a VLAN 314
- • Enables the interface 317
- • Specifies trunk mode 317
- Obtaining VLAN information 326
- Private VLANs 330
- Configuring a private VLAN 331
- Displaying PVLAN information 333
- Configuring VXLANs 335
- Displaying VXLAN information 341
- Configuring Virtual Fabrics 343
- • Primary VLAN 344
- • Isolated VLAN 344
- • Community VLAN 345
- Configuring MAC groups 358
- Transport service 359
- Configuring STP 362
- Configuring RSTP 364
- Configuring MSTP 367
- Specifying a link type 397
- Specifying the port priority 399
- Enabling spanning tree 403
- Disabling spanning tree 404
- Configuring UDLD 405
- Disabling UDLD 407
- Retrieving UDLD statistics 407
- Configuring Link Aggregation 409
- TABLE 12 Load balance flavor 415
- Configuring LLDP 421
- • <management-address> 428
- • <port-description> 428
- • <system-capabilities> 428
- • <adv-tlv-system-name> 428
- Configuring iSCSI priority 430
- Configuring LLDP profiles 430
- <edit-config> 431
- <target> 431
- <running/> 431
- (more interfaces go here) 434
- Deleting an LLDP profile 435
- Configuring ACLs 437
- Modifying MAC ACL rules 443
- Removing a MAC ACL 444
- Configuring QoS 453
- Rewriting 454
- Queueing 454
- Verifying QoS trust 455
- DSCP values User priority 460
- Verifying DSCP trust 461
- Creating a DSCP mutation map 462
- Traffic class mapping 469
- Mapping DSCP-to-Traffic-Class 473
- Congestion control 477
- Configuring CoS thresholds 478
- Random Early Detection 479
- Ethernet Pause 480
- Enabling Ethernet Pause 481
- Enabling Ethernet PFC 482
- Multicast rate limiting 483
- Configuring BUM storm control 484
- Scheduling 485
- Multicast queue scheduling 486
- Creating a CEE map 487
- Defining a priority-table map 489
- Verifying the CEE maps 490
- Brocade VCS Fabric QoS 491
- Port-based Policier 493
- Configuring the policy map 496
- Policy maps 499
- Class maps 500
- Priority maps 501
- Configuring Auto-QOS 502
- Disabling 802.1x globally 507
- 802.1x readiness check 508
- Configuring sFlow 517
- Flow-based sFlow 521
- Deleting a SPAN session 530
- SPAN in management cluster 531
- Configuring RSPAN 532
- VLAN 1010 as the destination 534
- IP Route Policy 537
- Configuring a route map 538
- IP Route Management 545
- Other routing operations 548
- Enabling IP load sharing 549
- Configuring OSPF 551
- OSPF over VRF 552
- OSPF in a VCS environment 552
- OSPF configuration rules 555
- Enabling OSPF on the router 556
- Disabling OSPF on the router 556
- Assigning OSPF areas 557
- Assigning virtual links 562
- Changing other settings 564
- Configuring VRRP 565
- Configuring the master router 567
- Configuring the backup router 569
- Enabling preemption 571
- Configuring VRF 585
- Enabling VRRP for VRF 588
- Configuring BGP 589
- Enabling BGP on an RBridge 590
- Disabling BGP on an RBridge 590
- Configuring BGP global mode 591
- Configuring IGMP 595
- Monitoring IGMP snooping 598
- Configuring DHCP Relay 599
- Appendixes 603
- Managing NETCONF 605
- • Capabilities 606
- • Datastores 606
- • Schemas 606
- • Sessions 606
- • Statistics 606
- Numerics 609
Relacionado con productos y manuales para Accesorios De Computador Brocade Network OS NETCONF Operations Guide v4.1.1
Accesorios De Computador Brocade VDX 6710-54 Hardware Reference Manual Manual de usuario
(72 paginas)
(72 paginas)
Accesorios De Computador Brocade VDX 6730 QuickStart Guide (Supporting VDX 6730-32 Manual de usuario
(12 paginas)
(12 paginas)
Accesorios De Computador Brocade VDX 8770-8 Two-Post Flush and Mid-Mount Rack Kit I Manual de usuario
(8 paginas)
(8 paginas)
Accesorios De Computador Brocade VDX 6730 Hardware Reference Manual (Supporting VDX Manual de usuario
(90 paginas)
(90 paginas)
Accesorios De Computador Brocade VDX 8770-8 Four-Post Flush and Recessed Mount Rack Manual de usuario
(10 paginas)
(10 paginas)
Accesorios De Computador Brocade VDX 8770-4 Two-Post Flush and Mid-Mount Rack Kit I Manual de usuario
(10 paginas)
(10 paginas)
Accesorios De Computador Brocade VDX 8770-8 Hardware Reference Manual Manual de usuario
(136 paginas)
(136 paginas)
Accesorios De Computador Brocade VDX 8770-4 Four-Post Flush Mount Rack Kit Installa Manual de usuario
(8 paginas)
(8 paginas)
Accesorios De Computador Brocade Network OS Administrator’s Guide v4.1.1 Manual de usuario
(748 paginas)
(748 paginas)
Accesorios De Computador Brocade VDX 8770-4 Four-Post Flush and Recessed Mount Inta Manual de usuario
(24 paginas)
(24 paginas)
Accesorios De Computador Brocade VDX 8770-4 Hardware Reference Manual Manual de usuario
(132 paginas)
(132 paginas)
Accesorios De Computador Brocade Universal Two-Post Rack Kit Installation Procedure Manual de usuario
(1 paginas)
(1 paginas)
Accesorios De Computador Brocade Universal Four Post Rack Kit Installation Procedur Manual de usuario
(20 paginas)
(20 paginas)
Accesorios De Computador Brocade VDX 6740 Hardware Reference Manual (Supporting VDX Manual de usuario
(78 paginas)
(78 paginas)
Accesorios De Computador Brocade 6910 Ethernet Access Switch MIB Reference Manual de usuario
(102 paginas)
(102 paginas)
Accesorios De Computador Brocade FCX Series Hardware Installation Guide Manual de usuario
(112 paginas)
(112 paginas)
(84 paginas)© 2020, manymanuals.es. Todos los derechos reservados | 0.034 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales