Brocade Communications Systems 12.4.00a User Manual

ServerIron ADX Security Guide
53-1002440-03
Chapter 2: Access Control List
How ServerIron processes ACLs
This chapter describes the Access Control List (ACL) feature. ACLs allow you to filter traffic based on 
the information in the IP packet header. Depending on the Brocade device, the device may also 
support Layer 2 ACLs, which filter traffic based on Layer 2 MAC header fields.
You can use IP ACLs to provide input to other features such as distribution lists and rate limiting. 
When you use an ACL this way, use permit statements in the ACL to specify the traffic that you want 
to send to the other feature. If you use deny statements, the traffic specified by the deny 
statements is not supplied to the other feature. 
There are two ways that IPv4 ACLs are processed in Brocade devices: in software and in hardware. 
This processing differs depending on the software release that you are running. These differences 
are described in the following sections.
Prior to release 12.3.01
Prior to release 12.3.01, IPv4 ACLs were processed as follows:
For deny actions:
    All deny packets are dropped in hardware.
For permit actions:
    For pass-through traffic, packets are processed in hardware.
    For Layer 4 - 7 traffic, packets are forwarded to the BPs and the BPs perform the ACL processing.
Release 12.3.01 and later
Beginning with release 12.3.01, IPv4 ACLs are processed as follows:
For deny actions:
    All deny packets are dropped in hardware.
For permit actions:
    For pass-through traffic, packets are processed in hardware.
    For Layer 4 - 7 traffic, packets are processed in hardware and then forwarded to the BPs. The BPs do not take any action on the ACLs.