• MAC address filtering on FastIron devices is performed in hardware.
• MAC address filtering on FastIron devices differ from other Brocade devices in that you can only filter

on source and destination MAC addresses. Other Brocade devices allow you to also filter on the
encapsulation type and frame type.

• MAC address filtering applies to all traffic, including management traffic. To exclude management

traffic from being filtered, configure a MAC address filter that explicitly permits all traffic headed to the
management MAC (destination) address. The MAC address for management traffic is always the
MAC address of port 1.

• MAC address filters that have a global deny statement can cause the device to block all BPDUs. In

this case, include exception statements for control protocols in the MAC address filter configuration.

• MAC address filtering cannot be applied on management interface for all platforms.

The following configuration notes apply to Brocade Layer 3 devices:

• MAC address filters apply to both switched and routed traffic. If a routing protocol (for example,

OSPF) is configured on an interface, the configuration must include a MAC address filter rule that
allows the routing protocol MAC and the neighbor system MAC address.

• You cannot use MAC address filters to filter Layer 4 information.
• MAC address filters are supported on tagged ports in the Layer 3 software images.

FastIron Ethernet Switch Security Configuration Guide

247

53-1003088-03