Rule-Based IP ACLs, Chapter 3 – Brocade Communications Systems Brocade ICX 6650 User Manual

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Chapter 3: Rule-Based IP ACLs

Table 15 and Table 16 list the Access Control List (ACL) features supported on Brocade ICX 6650. Table 15 lists the features supported on inbound traffic, while Table 16 lists the features supported on outbound traffic. These features are supported in the Layer 2, base Layer 3, edge Layer 3, and full Layer 3 software images, except where explicitly noted.

TABLE 15 Supported ACL features on inbound traffic

| Feature | Brocade ICX 6650 |
|---|---|
| Hardware-based ACLs | Yes |
| Standard named and numbered ACLs | Yes |
| Extended named and numbered ACLs | Yes |
| User input preservation for ACL TCP/UDP port numbers | Yes |
| ACL comment text | Yes |
| ACL logging of denied packets | Yes |
| ACL logging with traffic rate limiting (to prevent CPU overload) | Yes. NOTE: This feature is enabled by default. There is no CLI command to enable or disable it. |
| Strict control of ACL filtering of fragmented packets | Yes |
| ACL support for switched traffic in the router image | Yes. NOTE: This feature is enabled by default. There is no CLI command to enable or disable it. |
| ACL filtering based on VLAN membership or VE port membership | Yes |
| Filtering on IP precedence and ToS value | Yes |
| QoS options for IP ACLs | Yes |
| Priority mapping using ACLs | Yes |
| Hardware usage statistics | Yes |
| Policy-based routing (PBR) (Supported in the full Layer 3 code only) | Yes |

TABLE 16 Supported ACL features on outbound traffic

| Feature | Brocade ICX 6650 |
|---|---|
| Hardware-based ACLs | Yes |
| Standard named and numbered ACLs | Yes |
