Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Chapter 28: Configuring Rule-Based IP Access Control Lists

In this chapter

ACL overview
How hardware-based ACLs work
Configuration considerations
Configuring standard numbered ACLs
Configuring standard named ACLs
Configuring extended numbered ACLs
Configuring extended named ACLs
Preserving user input for ACL TCP/UDP port numbers
Managing ACL comment text
Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN
Enabling ACL logging
Enabling strict control of ACL filtering of fragmented packets
Enabling ACL support for switched traffic in the router image
Enabling ACL filtering based on VLAN membership or VE port membership
Filtering on IP precedence and ToS values
QoS options for IP ACLs
ACL-based rate limiting
Using ACLs to control multicast features
Enabling and viewing hardware usage statistics for an ACL
Displaying ACL information
Troubleshooting ACLs

ACL overview

This chapter describes how Access Control Lists (ACLs) are implemented and configured in the
devices.

Devices support rule-based ACLs (sometimes called hardware-based ACLs), where the decisions to
permit or deny packets are processed in hardware and all permitted packets are switched or routed
in hardware. All denied packets are also dropped in hardware. The devices support
inbound ACLs only; outbound ACLs are not supported.

NOTE

Devices support hardware-based ACLs only. These devices do not support flow-based ACLs.