Brocade Communications Systems 6650 Switch User Manual


 
Brocade ICX 6650 Security Configuration Guide 81
53-1002601-01
Chapter 3
Rule-Based IP ACLs
Table 15 and Table 16 list the Access Control List (ACL) features supported on Brocade ICX 6650.
Table 15 lists the features supported on inbound traffic, while Table 16 lists the features supported
on outbound traffic. These features are supported in the Layer 2, base Layer 3, edge Layer 3, and
full Layer 3 software images, except where explicitly noted.

TABLE 15 Supported ACL features on inbound traffic

| Feature | Brocade ICX 6650 |
|---|---|
| Hardware-based ACLs | Yes |
| Standard named and numbered ACLs | Yes |
| Extended named and numbered ACLs | Yes |
| User input preservation for ACL TCP/UDP port numbers | Yes |
| ACL comment text | Yes |
| ACL logging of denied packets | Yes |
| ACL logging with traffic rate limiting (to prevent CPU overload) | Yes. NOTE: This feature is enabled by default. There is no CLI command to enable or disable it. |
| Strict control of ACL filtering of fragmented packets | Yes |
| ACL support for switched traffic in the router image | Yes. NOTE: This feature is enabled by default. There is no CLI command to enable or disable it. |
| ACL filtering based on VLAN membership or VE port membership | Yes |
| Filtering on IP precedence and ToS value | Yes |
| QoS options for IP ACLs | Yes |
| Priority mapping using ACLs | Yes |
| Hardware usage statistics | Yes |
| Policy-based routing (PBR) (Supported in the full Layer 3 code only) | Yes |

TABLE 16 Supported ACL features on outbound traffic

| Feature | Brocade ICX 6650 |
|---|---|
| Hardware-based ACLs | Yes |
| Standard named and numbered ACLs | Yes |