
Types of IP ACLs, ACL IDs and entries – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 104


listed in the Supported ACL features on inbound traffic and Supported ACL features on outbound traffic tables respectively and discussed in more detail in the rest of this chapter.

NOTE
FastIron devices do not support flow-based ACLs.

Rule-based ACLs program the ACL entries you assign to an interface into Content Addressable
Memory (CAM) space allocated for the ports. The ACLs are programmed into hardware at startup (or
as new ACLs are entered and bound to ports). Devices that use rule-based ACLs program the ACLs
into the CAM entries and use these entries to permit or deny packets in the hardware, without sending
the packets to the CPU for processing.

Rule-based ACLs are supported on the following interface types:

• Gbps Ethernet ports
• 10 Gbps Ethernet ports
• Trunk groups
• Virtual routing interfaces

Types of IP ACLs

You can configure the following types of IP ACLs:

• Standard - Permits or denies packets based on source IP address. Valid standard ACL IDs are 1 - 99 or a character string.

• Extended - Permits or denies packets based on source and destination IP address and also based on IP protocol information. Valid extended ACL IDs are a number from 100 - 199 or a character string.

ACL IDs and entries

ACLs consist of ACL IDs and ACL entries:

• ACL ID - An ACL ID is a number from 1 - 99 (for a standard ACL) or 100 - 199 (for an extended ACL) or a character string. The ACL ID identifies a collection of individual ACL entries. When you apply ACL entries to an interface, you do so by applying the ACL ID that contains the ACL entries to the interface, instead of applying the individual entries to the interface. This makes applying large groups of access filters (ACL entries) to interfaces simple. Refer to Numbered and named ACLs on page 105.

NOTE
This is different from IP access policies. If you use IP access policies, you apply the individual policies
to interfaces.

• ACL entry - Also called an ACL rule, this is a filter command associated with an ACL ID. The maximum number of ACL rules you can configure is a system-wide parameter and depends on the device you are configuring. You can configure up to the maximum number of entries in any
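As an added illustration of the two concepts above (the numeric ID ranges that distinguish standard from extended ACLs, and the entries grouped under one ID and applied as a unit), here is a small Python model. It is not Brocade's code or FastIron CLI syntax; the Entry record, the sample ACLs and the final "deny" for a packet matching no entry are constructed assumptions for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Union

# Constructed model of the ACL ID rules on this page (not FastIron CLI).
STANDARD_IDS = range(1, 100)     # standard ACL: filters on source address only
EXTENDED_IDS = range(100, 200)   # extended ACL: source, destination and protocol

def acl_type(acl_id: Union[int, str]) -> str:
    """Classify an ACL ID as 'standard', 'extended' or 'named'; reject others."""
    if isinstance(acl_id, str) and not acl_id.isdigit():
        return "named"
    acl_id = int(acl_id)
    if acl_id in STANDARD_IDS:
        return "standard"
    if acl_id in EXTENDED_IDS:
        return "extended"
    raise ValueError(f"ACL ID {acl_id} is outside 1-99 and 100-199")

@dataclass
class Entry:
    action: str                    # "permit" or "deny"
    src: str                       # source prefix in CIDR form, e.g. "10.1.1.0/24"
    dst: Optional[str] = None      # destination prefix, extended entries only
    protocol: Optional[str] = None # e.g. "tcp", extended entries only

def evaluate(acl_id, entries, src: str, dst: str, protocol: str) -> str:
    """Apply the entries grouped under one ACL ID to a packet, in order; the
    first matching entry decides. Assumption (not stated on this page): a
    packet that matches no entry is denied."""
    kind = acl_type(acl_id)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in entries:
        if kind == "standard" and (e.dst or e.protocol):
            raise ValueError("standard ACL entries filter on source only")
        if s not in ipaddress.ip_network(e.src):
            continue
        if e.dst and d not in ipaddress.ip_network(e.dst):
            continue
        if e.protocol and e.protocol != protocol:
            continue
        return e.action
    return "deny"

# Constructed sample ACLs: one standard (ID 10) and one extended (ID 101).
ACL_10 = [Entry("deny", "10.1.1.5/32"), Entry("permit", "10.1.1.0/24")]
ACL_101 = [Entry("permit", "10.1.1.0/24", "192.168.0.10/32", "tcp"),
           Entry("deny", "0.0.0.0/0")]
```

Binding `ACL_101` to an interface in this model means handing the whole list to `evaluate` under its one ID, which mirrors the page's point that the ID, not the individual entries, is what gets applied.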

Types of IP ACLs | FastIron Ethernet Switch Security Configuration Guide, 53-1003088-03 | page 104