Brocade Communications Systems Brocade ICX 6650 6650 Manual De Usuario
102
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
ACL comment text management
The following example shows how this feature works for a TCP port (this feature works the same
way for UDP ports). In this example, the user identifies the TCP port by number (80) when
configuring ACL group 140. However, show ip access-list 140 reverts back to the port name for the
TCP port (http in this example). After the user issues the new ip preserve-ACL-user-input-format
command, show ip access-list 140 displays either the TCP port number or name, depending on
how it was configured by the user.
way for UDP ports). In this example, the user identifies the TCP port by number (80) when
configuring ACL group 140. However, show ip access-list 140 reverts back to the port name for the
TCP port (http in this example). After the user issues the new ip preserve-ACL-user-input-format
command, show ip access-list 140 displays either the TCP port number or name, depending on
how it was configured by the user.
Brocade(config)# access-list 140 permit tcp any any eq 80
Brocade(config)# access-list 140 permit tcp any any eq ftp
Brocade# show ip access-lists 140
Extended IP access list 140
permit tcp any any eq http
permit tcp any any eq ftp
Brocade(config)#ip preserve-ACL-user-input-format
Brocade#show ip access-lists 140
Extended IP access list 140
permit tcp any any eq 80
permit tcp any any eq ftp
Brocade(config)# access-list 140 permit tcp any any eq ftp
Brocade# show ip access-lists 140
Extended IP access list 140
permit tcp any any eq http
permit tcp any any eq ftp
Brocade(config)#ip preserve-ACL-user-input-format
Brocade#show ip access-lists 140
Extended IP access list 140
permit tcp any any eq 80
permit tcp any any eq ftp
ACL comment text management
ACL comment text describes entries in an ACL. The comment text appears in the output of show
commands that display ACL information.
commands that display ACL information.
This section describes how to add, delete, and view ACL comments.
Adding a comment to an entry in a numbered ACL
To add comments to entries in a numbered ACL, enter commands such as the following.
You can add comments to entries in a numbered ACL using the syntax for named ACLs. For
example, using the same example configuration above, you could instead enter the following
commands.
example, using the same example configuration above, you could instead enter the following
commands.
Syntax: [no] access-list ACL-num remark comment-text
or
Syntax: [no] ip access-list standard | extended ACL-num
Syntax: remark comment-text
Brocade(config)# access-list 100 remark The following line permits TCP packets
Brocade(config)# access-list 100 permit tcp 192.168.4.40/24 10.2.2.2/24
Brocade(config)# access-list 100 remark The following permits UDP packets
Brocade(config)# access-list 100 permit udp 192.168.2.52/24 10.2.2.2/24
Brocade(config)# access-list 100 deny ip any any
Brocade(config)# access-list 100 permit tcp 192.168.4.40/24 10.2.2.2/24
Brocade(config)# access-list 100 remark The following permits UDP packets
Brocade(config)# access-list 100 permit udp 192.168.2.52/24 10.2.2.2/24
Brocade(config)# access-list 100 deny ip any any
Brocade(config)# ip access-list extended 100
Brocade(config-ext-nACL)# remark The following line permits TCP packets
Brocade(config-ext-nACL)# permit tcp 192.168.4.40/24 10.2.2.2/24
Brocade(config-ext-nACL)# remark The following permits UDP packets
Brocade(config-ext-nACL)# permit udp 192.168.2.52/24 10.2.2.2/24
Brocade(config-ext-nACL)# deny ip any any
Brocade(config-ext-nACL)# remark The following line permits TCP packets
Brocade(config-ext-nACL)# permit tcp 192.168.4.40/24 10.2.2.2/24
Brocade(config-ext-nACL)# remark The following permits UDP packets
Brocade(config-ext-nACL)# permit udp 192.168.2.52/24 10.2.2.2/24
Brocade(config-ext-nACL)# deny ip any any