User's Manual
xx Brocade Network Advisor IP User Manual
53-1003056-01
Saving a PBR policy deployment. . . . . . . . . . . . . . . . . . . . . . . .554
Scheduling a PBR policy deployment . . . . . . . . . . . . . . . . . . . .555
ACL Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .558
Enabling or disabling ACL accounting . . . . . . . . . . . . . . . . . . .558
Resetting ACL counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .558
Viewing ACL counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .559
Chapter 18 Security Management
Security overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .561
Layer 2 access control list management. . . . . . . . . . . . . . . . . . . . .561
IronWare Layer 2 ACL configuration . . . . . . . . . . . . . . . . . . . . .562
Fabric OS Layer 2 ACL configuration . . . . . . . . . . . . . . . . . . . .569
Creating a Layer 2 ACL from a saved configuration. . . . . . . . . 576
Deleting a Layer 2 ACL configuration from the application. . . 576
Deleting a Layer 2 ACL configuration from the switch. . . . . . . 576
Network OS Layer 2 ACL configuration. . . . . . . . . . . . . . . . . . .577
Layer 3 access control list policy . . . . . . . . . . . . . . . . . . . . . . . . . . .580
Creating a standard L3 ACL configuration . . . . . . . . . . . . . . . .581
Creating a L3 ACL from a saved configuration. . . . . . . . . . . . .583
Editing a standard L3 ACL configuration . . . . . . . . . . . . . . . . .584
Copying a standard L3 ACL configuration . . . . . . . . . . . . . . . .585
Creating an extended L3 ACL configuration. . . . . . . . . . . . . . .585
Editing an extended L3 ACL configuration . . . . . . . . . . . . . . . .587
Copying an extended L3 ACL configuration . . . . . . . . . . . . . . .588
Creating an IPv6 L3 ACL configuration. . . . . . . . . . . . . . . . . . .590
Editing an IPv6 L3 ACL configuration . . . . . . . . . . . . . . . . . . . .592
Copying an IPv6 L3 ACL configuration . . . . . . . . . . . . . . . . . . .593
Deleting a L3 ACL configuration . . . . . . . . . . . . . . . . . . . . . . . .594
Assigning a L3 ACL configuration to an interface . . . . . . . . . .594
Clearing L3 ACL assignments . . . . . . . . . . . . . . . . . . . . . . . . . .596
Configuring the ACL configuration type and operations . . . . .597
Configuring hit statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .597
Configuring L3 ACL advanced settings. . . . . . . . . . . . . . . . . . .598
Network configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .602
Network group configuration. . . . . . . . . . . . . . . . . . . . . . . . . . .606
Service configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .611
Service group configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .616
Media Access Control (MAC) filter management . . . . . . . . . . . . . .620
Creating a MAC filter configuration. . . . . . . . . . . . . . . . . . . . . .621
Creating a MAC filter from a saved configuration . . . . . . . . . .623
Editing a MAC filter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .624
Copying a MAC filter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .625
Deleting a MAC filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .627
Assigning MAC filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .627
Clearing MAC filter assignments. . . . . . . . . . . . . . . . . . . . . . . .628
Adding a MAC filter configuration to an interface . . . . . . . . . .628
Security configuration deployment . . . . . . . . . . . . . . . . . . . . . . . . .629
Deploying a security configuration on demand . . . . . . . . . . . .630
Saving a security configuration deployment . . . . . . . . . . . . . .631