Brocade Communications Systems RFS6000 System Reference Manual page 359

Provides centralized wireless lan (wlan)

In general, a Wireless-LAN ACL can be used to filter wireless-to-wireless, wireless-to-wired and wired-to-wireless traffic. Typical wired-to-wired traffic can be filtered using a Layer 2 port-based ACL rather than a WLAN ACL.
Each WLAN is assumed to be a virtual Layer 2 port. Configure one IP and one MAC ACL on the virtual WLAN port. In contrast to Layer 2 ACLs, a WLAN ACL can be enforced in both the inbound and outbound directions.
ACL Actions
Every ACE within an ACL is made up of an action and matching criteria. The action defines what to do with the packet if it matches the specified criteria. The following actions are supported:
- deny—Instructs the ACL not to allow a packet to proceed to its destination.
- permit—Instructs the ACL to allow a packet to proceed to its destination.
- mark—Modifies certain fields inside the packet and then permits the packet. Therefore, mark is an action with an implicit permit.
  - VLAN 802.1p priority.
  - TOS/DSCP bits in the IP header.
NOTE
A Permit All ACL is not supported when using NTP. If a Permit All ACL is used with NTP, the client will not be able to synchronize with the NTP server.
NOTE
Only a Port ACL supports a mark action. With Router ACLs, a mark is treated as a permit and the packet is allowed without modifications.
Precedence Order
The rules within an ACL are applied to packets based on their precedence values. Every rule has a unique precedence value between 1 and 5000. You cannot add two rules with the same precedence value.
Consider the following when adding rules:
- Every entry (ACE) in an ACL is associated with a unique precedence value between 1 and 5000. No two ACEs in an ACL can have the same precedence value.
- Specifying a precedence value with each ACL entry is not mandatory. If you do not want to specify one, the system automatically generates a precedence value starting with 10. Subsequent entries are added with precedence values of 20, 30 and so on. 10 is the default offset between any two rules in an ACL. However, if the user specifies a precedence value with an entry, that value overrides the default value. The user can also add an entry in between two subsequent entries (for example, in between 10 and 20).
- If an entry with a max precedence value of 5000 exists, you cannot add a new entry with a higher precedence value. In such a case, the system displays an error stating "Rule with max precedence value exists". Either delete the entry or add new entries with precedence values less than 5000. A user can add a maximum of 500 ACEs in an ACL.
- Rules within an ACL are displayed in ascending order of precedence.
Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide
53-1002515-01
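The precedence behaviour described in this section can be modelled offline to check a planned rule set before it is entered on the controller. This is an added example, not code from the manual or from Brocade: the class, method and ACL names are hypothetical, the rule descriptions are constructed labels rather than CLI syntax, and it assumes auto-generated values continue from the highest existing precedence.

```python
# Added example: offline model of the precedence rules in this section.
# Names are hypothetical; this is not the controller's CLI or API.
MAX_PRECEDENCE = 5000   # highest precedence value allowed (from the manual)
MAX_ACES = 500          # maximum ACEs per ACL (from the manual)
DEFAULT_OFFSET = 10     # default gap between auto-generated values
ACTIONS = {"deny", "permit", "mark"}


class AclError(ValueError):
    """Raised when an ACE would violate a documented constraint."""


class Acl:
    def __init__(self, name):
        self.name = name
        self._aces = {}  # precedence -> (action, criteria)

    def add(self, action, criteria, precedence=None):
        """Add an ACE and return the precedence it was stored under."""
        if action not in ACTIONS:
            raise AclError(f"unsupported action: {action}")
        if len(self._aces) >= MAX_ACES:
            raise AclError(f"ACL already holds {MAX_ACES} ACEs")
        if precedence is None:
            if MAX_PRECEDENCE in self._aces:
                raise AclError("Rule with max precedence value exists")
            # Assumption: continue from the highest entry; a result past 5000
            # is rejected by the range check below rather than clamped.
            precedence = max(self._aces, default=0) + DEFAULT_OFFSET
        if not 1 <= precedence <= MAX_PRECEDENCE:
            raise AclError(f"precedence {precedence} outside 1-{MAX_PRECEDENCE}")
        if precedence in self._aces:
            raise AclError(f"precedence {precedence} already in use")
        self._aces[precedence] = (action, criteria)
        return precedence

    def show(self):
        """Return ACEs in ascending precedence, the order the manual says is displayed."""
        return [(p, *self._aces[p]) for p in sorted(self._aces)]


def demo():
    acl = Acl("example-wlan-in")                    # constructed sample ACL
    acl.add("deny", "telnet traffic")               # auto-generated: 10
    acl.add("permit", "DNS queries")                # auto-generated: 20
    acl.add("permit", "ICMP echo", precedence=15)   # inserted between 10 and 20
    return acl.show()
```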