beautypg.com

Numbered and named acls, Default acl action, Numbered and named acls default acl action – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 105

background image

combination in different ACLs. The total number of entries in all ACLs cannot exceed the system
maximum listed in the following table.

Maximum number of ACL entries

TABLE 11

System

Maximum ACL rules per port
region

Maximum ACL entries per
system

FSX 800 and FSX 1600 Layer 2 Switch

FSX 800 and FSX 1600 Layer 3 Switch

1015

8192

FCX Layer 2 or Layer 3 Switch

4093

8192

ICX 6610

3067

8192

ICX 6430

507

8192

ICX 6450

3067

8192

ICX 6650

2045

8192

ICX 7750

2047

8192

You configure ACLs on a global basis, then apply them to the incoming or outgoing traffic on specific
ports. The software applies the entries within an ACL in the order they appear in the ACL configuration.
As soon as a match is found, the software takes the action specified in the ACL entry (permit or deny
the packet) and stops further comparison for that packet.

Numbered and named ACLs

When you configure an ACL, you can refer to the ACL by a numeric ID or by an alphanumeric name.
The commands to configure numbered ACLs are different from the commands for named ACLs.

• Numbered ACL - If you refer to the ACL by a numeric ID, you can use 1 - 99 for a standard ACL or

100 - 199 for an extended ACL.

• Named ACL - If you refer to the ACL by a name, you specify whether the ACL is a standard ACL or

an extended ACL, then specify the name.

You can configure up to 99 standard numbered IP ACLs and 100 extended numbered IP ACLs. You
also can configure up to 99 standard named ACLs and 100 extended named ACLs by number.

Default ACL action

The default action when no ACLs are configured on a device is to permit all traffic. However, once you
configure an ACL and apply it to a port, the default action for that port is to deny all traffic that is not
explicitly permitted on the port:

• If you want to tightly control access, configure ACLs consisting of permit entries for the access you

want to permit. The ACLs implicitly deny all other access.

• If you want to secure access in environments with many users, you might want to configure ACLs

that consist of explicit deny entries, then add an entry to permit all access to the end of each ACL.
The software permits packets that are not denied by the deny entries.

Numbered and named ACLs

FastIron Ethernet Switch Security Configuration Guide

105

53-1003088-03

See also other documents in the category Brocade Computer Accessories: