Home » HP Manuals » Storage Devices » HP StorageWorks 8/80 » Manual Viewer

HP StorageWorks 8/80 Brocade Converged Enhanced Ethernet Administrator's Guide - Page 115

Creating an extended MAC ACL and adding rules, Modifying MAC ACL rules

View all HP StorageWorks 8/80 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 115 highlights

ACL configuration and management 8 3. Enter the deny command to create a rule in the MAC ACL to drop traffic with the source MAC address. switch(conf-macl-std)#deny 0022.3333.4444 count 4. Enter the permit command to create a rule in the MAC ACL to permit traffic with the source MAC address. switch(conf-macl-std)#permit 0022.5555.3333 count 5. Use the seq command to create MAC ACL rules in a specific sequence. switch(conf-macl-std)#seq 100 deny 0011.2222.3333 count switch(conf-macl-std)#seq 1000 permit 0022.1111.2222 count Creating an extended MAC ACL and adding rules NOTE You can use the resequence command to change all the sequence numbers assigned to the rules in a MAC ACL. For detailed information, see "Reordering the sequence numbers in a MAC ACL" on page 96. The MAC ACL name length is limited to 64 characters. To create an extended MAC ACL and add rules, perform the following steps from Privileged EXEC mode. 1. Enter the configure terminal command to enter global configuration mode. 2. Create an extended MAC ACL and enter ACL configuration mode. Example of setting the name of the extended MAC ACL to "test_02." switch(config)#mac access-list extended test_02 3. Create a rule in the MAC ACL to permit traffic with the source MAC address and the destination MAC address. Example switch(conf-macl-ext)#permit 0022.3333.4444 0022.3333.5555 4. Use the seq command to insert the rule anywhere in the MAC ACL. Example switch(conf-macl-std)#seq 5 permit 0022.3333.4444 0022.3333.5555 5. Enter the copy command to save the running-config file to the startup-config file. switch(conf-macl-std)#exit switch(config)#end switch#copy running-config startup-config Modifying MAC ACL rules You cannot modify the existing rules of a MAC ACL. However, you can remove the rule and then recreate it with the desired changes. If you need to add more rules between existing rules than the current sequence numbering allows, you can use the resequence command to reassign sequence numbers. For detailed information, see "Reordering the sequence numbers in a MAC ACL" on page 96. Converged Enhanced Ethernet Administrator's Guide 95 53-1001346-01

Section	Page
Contents	3
Chapter 1 Introducing FCoE	3
Chapter 2 Using the CEE CLI	4
Chapter 3 Standard CEE Integrations and Configurations	4
Chapter 4 Configuring VLANs Using the CEE CLI	4
Chapter 5 Configuring STP, RSTP, and MSTP using the CEE CLI	5
Chapter 6 Configuring Link Aggregation using the CEE CLI	6
Chapter 7 Configuring LLDP using the CEE CLI	6
Chapter 8 Configuring ACLs using the CEE CLI	7
Chapter 9 Configuring QoS using the CEE CLI	7
Chapter 10 Configuring 802.1x Port Authentication	8
Chapter 11 Configuring FCoE using the Fabric OS CLI	8
Chapter 12 Administering the switch	8
Chapter 13 Configuring RMON using the CEE CLI	8
Figures	11
Tables	13
About This Document	15
In this chapter	15
How this document is organized	15
Supported hardware and software	16
What’s new in this document	17
Document conventions	17
Text formatting	17
Command syntax conventions	17
Notes, cautions, and warnings	18
Key terms	18
Notice to the reader	18
Additional information	19
Brocade resources	19
Other industry resources	19
Getting technical help	19
Document feedback	20
Introducing FCoE	21
In this chapter	21
FCoE terminology	21
FCoE overview	21
FCoE hardware	22
Layer 2 Ethernet overview	28
Layer 2 forwarding	28
VLAN tagging	29
Loop-free network environment	30
Frame classification (incoming)	30
Congestion control and queuing	31
Access control	32
Trunking	33
Flow Control	33
FCoE Initialization Protocol	33
FIP discovery	33
FIP login	34
FIP logout	35
FCoE login	35
FCoE logout	35
Logincfg	36
Name server	36
FC zoning	36
Registered state change notification (RSCN)	37
FCoE queuing	37
Using the CEE CLI	39
In this chapter	39
Management Tools	39
CEE Command Line Interface	39
Saving your configuration changes	40
CEE CLI RBAC permissions	40
Accessing the CEE CLI through the console or Telnet	41
Accessing the CEE CLI from the Fabric OS shell	41
CEE CLI command modes	41
CEE CLI keyboard shortcuts	43
Using the do command as a shortcut	44
Displaying CEE CLI commands and command syntax	44
CEE CLI command completion	45
CEE CLI command output modifiers	45
Standard CEE Integrations and Configurations	47
In this chapter	47
Overview of standard CEE integrations	47
SAN Integration	47
Integrating a Brocade 8000 switch on a SAN	48
CEE and LAN integration	48
Creating the CEE map	50
Configuring DCBX	51
Configuring Spanning Tree Protocol	52
Configuring VLAN Membership	52
Configuring the CEE Interfaces	53
Server connections to the Brocade 8000 switch	55
Fibre Channel configuration for the CNA	55
Ethernet configuration for the CNA	55
Minimum CEE configuration to allow FCoE traffic flow	55
Configuring VLANs Using the CEE CLI	57
In this chapter	57
VLAN overview	57
Ingress VLAN filtering	57
VLAN configuration guidelines and restrictions	59
Default VLAN configuration	59
VLAN configuration and management	59
Enabling and disabling an interface port	60
Configuring the MTU on an interface port	60
Creating a VLAN interface	60
Enabling STP on a VLAN	61
Disabling STP on a VLAN	61
Configuring a VLAN interface to forward FCoE traffic	61
Configuring an interface port as a Layer 2 switch port	62
Configuring an interface port as an access interface	62
Configuring an interface port as a trunk interface	62
Disabling a VLAN on a trunk interface	63
Configuring an interface port as a converged interface	63
Disabling a VLAN on a converged interface	64
Configuring protocol-based VLAN classifier rules	64
Configuring a VLAN classifier rule	65
Configuring MAC address-based VLAN classifier rules	65
Deleting a VLAN classifier rule	65
Creating a VLAN classifier group and adding rules	65
Activating a VLAN classifier group with an interface port	66
Clearing VLAN counter statistics	66
Displaying VLAN information	66
Configuring the MAC address table	66
Specifying or disabling the aging time for MAC addresses	67
Adding static addresses to the MAC address table	67
Configuring STP, RSTP, and MSTP using the CEE CLI	69
In this chapter	69
STP overview	69
Configuring STP on Brocade FCoE hardware	70
RSTP overview	71
MSTP overview	73
Configuring MSTP on Brocade FCoE hardware	74
STP, RSTP, and MSTP configuration guidelines and restrictions	75
Default STP, RSTP, and MSTP configuration	75
STP, RSTP, and MSTP configuration and management	77
Enabling STP, RSTP, or MSTP	77
Disabling STP, RSTP, or MSTP	77
Shutting down STP, RSTP, or MSTP globally	77
Specifying the bridge priority	78
Specifying the bridge forward delay	78
Specifying the bridge maximum aging time	79
Enabling the error disable timeout timer	79
Specifying the error disable timeout interval	79
Specifying the port-channel path cost	80
Specifying the bridge hello time (STP and RSTP)	80
Specifying the transmit hold count (RSTP and MSTP)	80
Enabling Cisco interoperability (MSTP)	81
Disabling Cisco interoperability (MSTP)	81
Mapping a VLAN to an MSTP instance	81
Specifying the maximum number of hops for a BPDU (MSTP)	82
Specifying a name for an MSTP region	82
Specifying a revision number for an MSTP configuration	82
Flushing MAC addresses (RSTP and MSTP)	83
Clearing spanning tree counters	83
Clearing spanning tree-detected protocols	83
Displaying STP, RSTP, and MSTP-related information	84
Configuring STP, RSTP, or MSTP on CEE interface ports	84
Enabling automatic edge detection	84
Configuring the path cost	84
Enabling a port (interface) as an edge port	85
Enabling the guard root	85
Specifying the MSTP hello time	86
Specifying restrictions for an MSTP instance	86
Specifying a link type	87
Enabling port fast (STP)	87
Specifying the port priority	87
Restricting the port from becoming a root port	88
Restricting the topology change notification	88
Enabling spanning tree	88
Disabling spanning tree	89
Configuring Link Aggregation using the CEE CLI	91
In this chapter	91
Link aggregation overview	91
Link Aggregation Group configuration	91
Link Aggregation Control Protocol	95
Dynamic link aggregation	95
Static link aggregation	95
Brocade-proprietary aggregation	95
LAG distribution process	95
LACP configuration guidelines and restrictions	96
Default LACP configuration	96
LACP configuration and management	96
Enabling LACP on a CEE interface	97
Configuring the LACP system priority	97
Configuring the LACP timeout period on a CEE interface	97
Clearing LACP counter statistics on a LAG	98
Clearing LACP counter statistics on all LAG groups	98
Displaying LACP information	98
LACP troubleshooting tips	98
Configuring LLDP using the CEE CLI	101
In this chapter	101
LLDP overview	101
Layer 2 topology mapping	102
DCBX overview	104
Enhanced Transmission Selection (ETS)	104
Priority Flow Control (PFC)	105
DCBX interaction with other vendor devices	105
LLDP configuration guidelines and restrictions	105
Default LLDP configuration	106
LLDP configuration and management	106
Enabling LLDP globally	106
Disabling and resetting LLDP globally	106
Configuring LLDP global command options	107
Configuring LLDP interface-level command options	111
Clearing LLDP-related information	111
Displaying LLDP-related information	111
Configuring ACLs using the CEE CLI	113
In this chapter	113
ACL overview	113
Default ACL configuration	114
ACL configuration guidelines and restrictions	114
ACL configuration and management	114
Creating a standard MAC ACL and adding rules	114
Creating an extended MAC ACL and adding rules	115
Modifying MAC ACL rules	115
Removing a MAC ACL	116
Reordering the sequence numbers in a MAC ACL	116
Applying a MAC ACL to a CEE interface	117
Applying a MAC ACL to a VLAN interface	117
Configuring QoS using the CEE CLI	119
In this chapter	119
QoS overview	119
Rewriting	120
Queueing	120
User-priority mapping	120
Traffic class mapping	124
Congestion control	126
Tail drop	126
Ethernet pause	128
Ethernet Priority Flow Control	129
Multicast rate limiting	129
Scheduling	130
Strict priority scheduling	130
Deficit weighted round robin scheduling	131
Traffic class scheduling policy	131
Multicast queue scheduling	133
Converged Enhanced Ethernet map configuration	133
Configuring 802.1x Port Authentication	139
In this chapter	139
802.1x protocol overview	139
802.1x configuration guidelines and restrictions	139
802.1x authentication configuration tasks	140
Configure authentication between the switch and CNA or NIC	140
Interface-specific administrative tasks for 802.1x	140
Configuring 802.1x on specific interface ports	140
Configuring 802.1x timeouts on specific interface ports	141
Configuring 802.1x re-authentication on specific interface ports	141
Disabling 802.1x on specific interface ports	141
Configuring FCoE using the Fabric OS CLI	143
In this chapter	143
FCoE configuration guidelines and restrictions	143
Managing and displaying the FCoE configuration	143
Enabling or disabling an FCoE port	144
Configuring FCMAP values for a VLAN	144
Configuring FIP multicast advertisement intervals	144
Clearing logins	145
Displaying FCoE configuration-related information	145
Managing and displaying the FCoE login configuration	145
Enabling or disabling FCoE login configuration management	145
Displaying or aborting the current configuration transaction	146
Cleaning up login groups and VN_port mappings	146
Displaying the FCoE login configuration	146
Saving the current FCoE configuration	147
Creating and managing the FCoE login group configuration	147
Creating an FCoE login group	147
Modifying the FCoE login group device list	148
Deleting an FCoE login group	148
Renaming an FCoE login group	148
Administering the switch	149
In this chapter	149
CEE configuration management guidelines and restrictions	149
CEE configuration management tasks	149
Flash file management commands	150
Debugging and logging commands	151
Configuring RMON using the CEE CLI	153
In this chapter	153
RMON overview	153
RMON configuration and management	153
Default RMON configuration	153
Configuring RMON settings	153
Configuring RMON events	154
Configuring RMON Ethernet group statistics collection	154
Index	157
Symbols	157
Numerics	157
A	157
B	157
C	158
D	158
E	158
F	158
G	159
H	159
I	159
K	159
L	159
M	160
N	160
O	160
P	160
Q	161
R	161
S	161
T	161
U	162
V	162
W	162

Match case Limit results 1 per page

Converged Enhanced Ethernet Administrator’s Guide

53-1001346-01

ACL configuration and management

Enter the

deny

command to create a rule in the MAC ACL to drop traffic with the source MAC

address.

switch(conf-macl-std)#

deny 0022.3333.4444 count

Enter the

permit

command to create a rule in the MAC ACL to permit traffic with the source

MAC address.

switch(conf-macl-std)#

permit 0022.5555.3333 count

Use the

seq

command to create MAC ACL rules in a specific sequence.

switch(conf-macl-std)#

seq 100 deny 0011.2222.3333 count

switch(conf-macl-std)#

seq 1000 permit 0022.1111.2222 count

Creating an extended MAC ACL and adding rules

NOTE

You can use the

resequence

command to change all the sequence numbers assigned to the rules

in a MAC ACL. For detailed information, see

“Reordering the sequence numbers in a MAC ACL”

page 96.

The MAC ACL name length is limited to 64 characters.

To create an extended MAC ACL and add rules, perform the following steps from Privileged EXEC

mode.

Enter the

configure terminal

command to enter global configuration mode.

Create an extended MAC ACL and enter ACL configuration mode.

Example of setting the name of the extended MAC ACL to “test_02.”

switch(config)#

mac access-list extended test_02

Create a rule in the MAC ACL to

permit

traffic with the source MAC address and the destination

MAC address.

Example

switch(conf-macl-ext)#

permit 0022.3333.4444 0022.3333.5555

Use the

seq

command to insert the rule anywhere in the MAC ACL.

Example

switch(conf-macl-std)#

seq 5 permit 0022.3333.4444 0022.3333.5555

Enter the copy command to save the running-config file to the startup-config file.

switch(conf-macl-std)#

exit

switch(config)#end

switch#

copy running-config startup-config

Modifying MAC ACL rules

You cannot modify the existing rules of a MAC ACL. However, you can remove the rule and then

recreate it with the desired changes.

If you need to add more rules between existing rules than the current sequence numbering allows,

you can use the resequence command to reassign sequence numbers. For detailed information,

see

“Reordering the sequence numbers in a MAC ACL”

on page 96.