Layer 2 acls, Layer 2 acls overview, Filtering based on ethertype – Brocade BigIron RX Series Configuration Guide User Manual
Page 665: Chapter 21
BigIron RX Series Configuration Guide
587
53-1002484-04
Chapter
21
Layer 2 ACLs
In this chapter
•
•
•
•
•
Layer 2 ACLs overview
This chapter presents information to configure and view Layer 2 ACLs.
Layer 2 Access Control Lists (ACLs) filter incoming traffic based on Layer 2 MAC header fields in the
Ethernet/IEEE 802.3 frame. Specifically, Layer 2 ACLs filter incoming traffic based on any of the
following Layer 2 fields in the MAC header:
•
Source MAC address and source MAC mask
•
Destination MAC address and destination MAC mask
•
VLAN ID
•
Ethernet type
The Layer 2 ACL feature is unique to Brocade devices and differs from software-based MAC
address filters. MAC address filters use the CPU to filter traffic; therefore, performance is limited by
the CPU’s processing power. Layer 2 ACLs filter traffic at line-rate speed.
Filtering based on ethertype
Layer 2 ACLs can filter traffic based on protocol type. For each Layer 2 ACL etype entry bound to a
port, a CAM entry is written to the corresponding CAM. You can conserve CAM space by configuring
only the Layer 2 ACLs needed. For instance, to filter only IPV4-Len-5 traffic, specify that particular
etype. This results in one CAM entry. Configuration examples are provided in the section
You can configure Layer 2 ACLs to use the etype argument to filter on the following etypes:
•
IPv4-Len-5 (Etype=0x0800, IPv4, HeaderLen 20 bytes)
•
ARP (Etype=0x0806, IP ARP)
•
IPv6 (Etype=0x86dd, IP version 6)