Configuring ACLs (Access Control Lists) on Brocade Switches

This was summarized from testing on a project a few years ago. I no longer work with Brocade, so I am posting it for reference by anyone who needs it.


1. L3/L4 ACL
The key point is how Brocade differs from Cisco when configuring VLANs and VLAN Layer 3 interfaces: on a Brocade (FastIron) Layer 3 switch the VLAN's routed interface is a virtual interface bound to the VLAN with "router-interface ve N", and the IP address and the ACL are then configured under "interface ve N" rather than under "interface vlan N" as on Cisco.

WS_B#sh run
Current configuration:
!
ver 07.0.01T7e3
!
module 1 fws1g-48-port-copper-base-module
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 10 by port
 untagged ethe 0/1/1
 router-interface ve 10
!
vlan 20 by port
 untagged ethe 0/1/2
 router-interface ve 20
!
vlan 30 by port
 #Make port e0/1/3 an untagged (access) port of VLAN 30
 untagged ethe 0/1/3
 #Bind one L3 interface, VE 30, to VLAN 30. A Brocade L3 switch cannot enter "int vlan 30" directly;
 #it must first bind a ve interface to the VLAN, and "int ve 30" then enters the VLAN's L3 interface
 router-interface ve 30
!
hostname WS_B
router rip
!
interface ve 10
 ip address 192.168.6.1 255.255.255.0
 ip rip v2-only
!
interface ve 20
 ip access-group 100 in
 ip address 192.168.2.2 255.255.255.0
 ip rip v2-only
!
#Enter the L3 interface of VLAN 30 and apply the ACL in the inbound direction
interface ve 30
 ip access-group 100 in
 ip address 192.168.5.1 255.255.255.0
 ip rip v2-only
!
#Configure the ACL: permit FTP (TCP destination port 21, the control connection only) from 192.168.0.2 to 192.168.6.2,
#deny ICMP between the same two hosts, and permit all other IP traffic. Entries are matched in order and a FastIron
#ACL ends with an implicit deny, so without the final "permit ip any any" all other traffic arriving on ve 20 and ve 30
#would be dropped. The explicit FTP entry is redundant here (the last entry already permits it) but documents the intent.
access-list 100 permit tcp host 192.168.0.2 host 192.168.6.2 eq ftp
access-list 100 deny icmp host 192.168.0.2 host 192.168.6.2
access-list 100 permit ip any any
!
end

2. L2 ACL

!
#Configure the L2 ACL in global configuration mode; each filter number is one entry. Filters are evaluated in numeric
#order and, like IP ACLs, end with an implicit deny, which is why filter 2 "permit any any" is needed.
mac filter 1 deny 0023.8b66.ac16 ffff.ffff.ffff any
mac filter 2 permit any any
!
interface ethernet 0/1/1
 #Apply the L2 ACL under the physical port; several filters can be applied at once as a range ("1 to 2")
 mac filter-group 1 to 2
!
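As an added example (not from the original page and not Brocade code), the following Python script replays the two ACLs above against constructed packets using the FastIron matching rules described in both sections: entries are tried in order, the first match decides, and a list with no matching entry denies (the implicit deny). It serves both the L3/L4 section and the L2 section. The parser is a hypothetical helper that only understands the line shapes used on this page (host/any addresses, an optional "eq <port>", MAC plus mask) together with the wildcard-mask address form; the packets and the extra wildcard line are constructed test data, and the ACL text is copied from the configuration above.

```python
"""Offline first-match evaluator for the FastIron IP ACL and MAC filters shown on this page.

Added example, not Brocade code. Models the documented semantics: entries are
evaluated in order, the first match wins, and no match means deny (implicit deny).
"""
import ipaddress
from collections import namedtuple

IpEntry = namedtuple("IpEntry", "action proto src dst dport")   # src/dst are ip_network objects
MacEntry = namedtuple("MacEntry", "num action src dst")         # src/dst are (value, mask) tuples

PORT_NAMES = {"ftp": 21}  # the only service keyword used on the page


def _take_addr(tok):
    """Consume one address spec: 'host A', 'any', or 'A WILDCARD' (wildcard-mask form, not used on the page)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    wild = int(ipaddress.ip_address(tok[1]))
    netmask = str(ipaddress.ip_address((~wild) & 0xFFFFFFFF))   # contiguous wildcard -> netmask
    return ipaddress.ip_network((tok[0], netmask), strict=False), tok[2:]


def parse_ip_acl(text):
    """Parse 'access-list <n> permit|deny <proto> <src> <dst> [eq <port>]' lines, in order."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, rest = _take_addr(rest)
        dst, rest = _take_addr(rest)
        dport = None
        if rest[:1] == ["eq"]:                       # 'eq' after the destination is the destination port
            dport = PORT_NAMES.get(rest[1]) or int(rest[1])
        entries.append(IpEntry(action, proto, src, dst, dport))
    return entries


def evaluate_ip(entries, proto, src, dst, dport=None):
    """Return (action, index of matching entry); index None means the implicit deny fired."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, e in enumerate(entries):
        if e.proto != "ip" and e.proto != proto:     # 'ip' entries match every protocol
            continue
        if s not in e.src or d not in e.dst:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, i
    return "deny", None


def _mac_int(s):
    return int(s.replace(".", "").replace(":", "").replace("-", ""), 16)


def _take_mac(tok):
    """Consume '<mac> <mask>' or 'any'; a mask bit of 1 means that bit must match."""
    if tok[0] == "any":
        return (0, 0), tok[1:]
    return (_mac_int(tok[0]), _mac_int(tok[1])), tok[2:]


def parse_mac_filters(text):
    """Parse 'mac filter <n> permit|deny <src|any> [mask] <dst|any> [mask]' lines."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[:2] != ["mac", "filter"]:
            continue
        num, action, rest = int(tok[2]), tok[3], tok[4:]
        src, rest = _take_mac(rest)
        dst, rest = _take_mac(rest)
        entries.append(MacEntry(num, action, src, dst))
    return entries


def evaluate_mac(entries, src_mac, dst_mac, group=None):
    """Apply filters in numeric order, restricted to the 'filter-group A to B' range if given."""
    s, d = _mac_int(src_mac), _mac_int(dst_mac)
    for e in sorted(entries, key=lambda e: e.num):
        if group and not (group[0] <= e.num <= group[1]):
            continue
        (esrc, smask), (edst, dmask) = e.src, e.dst
        if (s & smask) == (esrc & smask) and (d & dmask) == (edst & dmask):
            return e.action, e.num
    return "deny", None


# ACL text copied from the configuration on this page.
PAGE_IP_ACL = """
access-list 100 permit tcp host 192.168.0.2 host 192.168.6.2 eq ftp
access-list 100 deny icmp host 192.168.0.2 host 192.168.6.2
access-list 100 permit ip any any
"""
PAGE_MAC_FILTERS = """
mac filter 1 deny 0023.8b66.ac16 ffff.ffff.ffff any
mac filter 2 permit any any
"""


def check_page_config():
    """Replay constructed packets through the page's ACLs; keys name the scenario."""
    acl = parse_ip_acl(PAGE_IP_ACL)
    macs = parse_mac_filters(PAGE_MAC_FILTERS)
    return {
        "ftp": evaluate_ip(acl, "tcp", "192.168.0.2", "192.168.6.2", 21),
        "ping": evaluate_ip(acl, "icmp", "192.168.0.2", "192.168.6.2"),
        "ping_other_host": evaluate_ip(acl, "icmp", "192.168.0.3", "192.168.6.2"),
        "ssh": evaluate_ip(acl, "tcp", "192.168.0.2", "192.168.6.2", 22),
        "ssh_without_final_permit": evaluate_ip(acl[:2], "tcp", "192.168.0.2", "192.168.6.2", 22),
        "ftp_without_explicit_permit": evaluate_ip(acl[1:], "tcp", "192.168.0.2", "192.168.6.2", 21),
        "blocked_mac": evaluate_mac(macs, "0023.8b66.ac16", "ffff.ffff.ffff", (1, 2)),
        "other_mac": evaluate_mac(macs, "0023.8b66.ac17", "ffff.ffff.ffff", (1, 2)),
    }


if __name__ == "__main__":
    for name, result in check_page_config().items():
        print(f"{name:28s} -> {result}")
```

The "ssh_without_final_permit" case shows what happens if the trailing "permit ip any any" is forgotten: the packet matches nothing and the implicit deny drops it, which on ve 20 and ve 30 would also swallow the RIP traffic. The "ftp_without_explicit_permit" case shows that the first entry is redundant with respect to the final permit; it only matters as documentation, or if the final entry is ever changed to a deny.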
