ACL overview – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 103

| Feature | ICX 6430 | ICX 6450 | FCX | ICX 6610 | ICX 6650 | FSX 800 / FSX 1600 | ICX 7750 |
|---|---|---|---|---|---|---|---|
| ACL logging of denied packets | No | No | No | No | No | No | No |
| ACL logging with traffic rate limiting (to prevent CPU overload) | No | No | No | No | No | No | No |
| Strict control of ACL filtering of fragmented packets | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |
| ACL support for switched traffic in the router image. | No | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |
| ACL filtering based on VLAN membership or VE port membership | No | No | No | No | 08.0.01 | No | 08.0.10 |
| ACLs to filter ARP packets | No | No | No | No | No | No | No |
| Filtering on IP precedence and ToS value | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |
| Combined DSCP and internal marking in one ACL rule | No | No | No | No | No | No | No |
| QoS options for IP ACLs2 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |
| DSCP CoS mapping | No | No | No | No | 08.0.01 | No | 08.0.10 |
| Priority mapping using ACLs | Internal priority marking is not supported for outgoing traffic. | Internal priority marking is not supported for outgoing traffic. | Internal priority marking is not supported for outgoing traffic. | Internal priority marking is not supported for outgoing traffic. | 08.0.01 | Internal priority marking is not supported for outgoing traffic. | 08.0.10 |
| Hardware usage statistics | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10 |

NOTE
ACL features for outbound traffic are not supported on Gen2 modules of the FSX series. Please check with
your Brocade Support representative for details.

This chapter describes how Access Control Lists (ACLs) are implemented and configured on
Brocade devices.

NOTE
For information about IPv6 ACLs, refer to the IPv6 ACLs chapter.

ACL overview

Brocade devices support rule-based ACLs (sometimes called hardware-based ACLs), where the
decisions to permit or deny packets are processed in hardware and all permitted packets are switched
or routed in hardware. All denied packets are also dropped in hardware. FCX and ICX devices support
both inbound and outbound ACLs. The ACL features supported on inbound and outbound traffic are as

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03