Creating an ACL for an interface on a Brocade MLX
I need to create a ACL for an interface on a Brocade MLX. I only need to deny traffic from a single host but this is turning out to be more challenging than I thought.
I created the following access list....
access-list 2 deny host aaa.bbb.ccc.ddd
access-list 2 permit any
The interface I would like to apply this access list to is not a physical interface. It is a virtual interface for a VLAN. when I enter this command at the config config prompt...
Brocade(config-vif-2265)#i
I get an error telling me that the access list can not be applied to the interface because QOS is configured on this port.
I have been digging around in my Brocade documentation and I can't locate a workaround for this problem. I really need to block this host. Is there a way to use a ACL even if there is QOS on this port?
I created the following access list....
access-list 2 deny host aaa.bbb.ccc.ddd
access-list 2 permit any
The interface I would like to apply this access list to is not a physical interface. It is a virtual interface for a VLAN. when I enter this command at the config config prompt...
Brocade(config-vif-2265)#i
I get an error telling me that the access list can not be applied to the interface because QOS is configured on this port.
I have been digging around in my Brocade documentation and I can't locate a workaround for this problem. I really need to block this host. Is there a way to use a ACL even if there is QOS on this port?
Looks like there are restrictions on how the ACL is entered, try removing the QOS, add acl then add back the qos?
harbor235 ;}
harbor235 ;}
ASKER
That doesn't work. I can remove the QOS and add the access list but when I try to add the QOS back in I get an error telling me that there is a L4 ACL on this interface and QOS can not be applied.
I have tried with a standard ACL and an extended ACL still can't get the ACL applied if the interface has QOS. I am confused on why this is a problem for access lists....
I have tried with a standard ACL and an extended ACL still can't get the ACL applied if the interface has QOS. I am confused on why this is a problem for access lists....
Are you applying the filter to a port or the RVI?
harbor235 ;}
harbor235 ;}
Can you post your RVI config?
harbor235 ;}
harbor235 ;}
From the MLX user guide:
"Once you configure an ACL-based rate limiting policy on a port, you cannot configure a regular (traffic
filtering) ACL on the same port. To filter traffic, you must enable the strict ACL option."
http://www.brocade.com/downloads/documents/product_manuals/B_NetIron/NetIron_05600_TrafficMgmtGuide.pdf
harbor235 ;}
"Once you configure an ACL-based rate limiting policy on a port, you cannot configure a regular (traffic
filtering) ACL on the same port. To filter traffic, you must enable the strict ACL option."
http://www.brocade.com/downloads/documents/product_manuals/B_NetIron/NetIron_05600_TrafficMgmtGuide.pdf
harbor235 ;}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Accept: KGaudineer- (https:#a40713640)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
frankhelk
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Accept: KGaudineer- (https:#a40713640)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
frankhelk
Experts-Exchange Cleanup Volunteer
harbor235 ;}