Brocade Communications Systems Brocade ICX 6650 6650 Manuel D’Utilisation
Brocade ICX 6650 Security Configuration Guide
81
53-1002601-01
Chapter
3
Rule-Based IP ACLs
lists the features supported on inbound traffic, while
lists the features supported
on outbound traffic. These features are supported in the Layer 2, base Layer 3, edge Layer 3, and
full Layer 3 software images, except where explicitly noted.
full Layer 3 software images, except where explicitly noted.
TABLE 15
Supported ACL features on inbound traffic
Feature
Brocade ICX 6650
Hardware-based ACLs
Yes
Standard named and numbered ACLs
Yes
Extended named and numbered ACLs
Yes
User input preservation for ACL TCP/UDP
port numbers
port numbers
Yes
ACL comment text
Yes
ACL logging of denied packets
Yes
ACL logging with traffic rate limiting (to
prevent CPU overload)
prevent CPU overload)
Yes
NOTE: This feature is enabled by default.
NOTE: This feature is enabled by default.
There is no CLI command to enable
or disable it
or disable it
Strict control of ACL filtering of
fragmented packets
fragmented packets
Yes
ACL support for switched traffic in the
router image
router image
Yes
NOTE: This feature is enabled by default.
NOTE: This feature is enabled by default.
There is no CLI command to enable
or disable it
or disable it
ACL filtering based on VLAN membership
or VE port membership
or VE port membership
Yes
Filtering on IP precedence and ToS value Yes
QoS options for IP ACLs
Yes
Priority mapping using ACLs
Yes
Hardware usage statistics
Yes
Policy-based routing (PBR)
(Supported in the full Layer 3 code only)
(Supported in the full Layer 3 code only)
Yes
TABLE 16
Supported ACL features on outbound traffic
Feature
Brocade ICX 6650
Hardware-based ACLs
Yes
Standard named and numbered
ACLs
ACLs
Yes