
Brocade ICX 6650 Security Configuration Guide, page 83 (53-1002601-01)

ACL overview

Types of IP ACLs

You can configure the following types of IP ACLs:

Standard – Permits or denies packets based on source IP address. Valid standard ACL IDs are
1 – 99 or a character string.

Extended – Permits or denies packets based on source and destination IP address and also
based on IP protocol information. Valid extended ACL IDs are a number from 100 – 199 or a
character string.

ACL IDs and entries

ACLs consist of ACL IDs and ACL entries:

ACL ID – An ACL ID is a number from 1 – 99 (for a standard ACL) or 100 – 199 (for an extended
ACL) or a character string. The ACL ID identifies a collection of individual ACL entries. When you
apply ACL entries to an interface, you do so by applying the ACL ID that contains the ACL entries
to the interface, instead of applying the individual entries to the interface. This makes applying
large groups of access filters (ACL entries) to interfaces simple. Refer to “Numbered and
named ACLs” on page 83.

NOTE

This is different from IP access policies. If you use IP access policies, you apply the individual
policies to interfaces.

ACL entry – Also called an ACL rule, this is a filter command associated with an ACL ID. The
maximum number of ACL rules you can configure is a system-wide parameter and depends on
the device you are configuring. You can configure up to the maximum number of entries in any
combination in different ACLs. For the Brocade ICX 6650, the maximum number of ACL TCAM
entries per port region is 2045 and the maximum number of ACL entries per system is 8192. You
configure ACLs on a global basis, then apply them to the incoming or outgoing traffic on
specific ports. The software applies the entries within an ACL in the order they appear in the
ACL configuration. As soon as a match is found, the software takes the action specified in the
ACL entry (permit or deny the packet) and stops further comparison for that packet.
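The following Python is an added illustration, not code from the Brocade guide or from the switch itself. It models the ACL ID ranges given above (1 – 99 standard, 100 – 199 extended, or a name) and the first-match evaluation of ACL entries: entries are checked in configuration order and the first match decides permit or deny, so the same packet gets a different verdict when the order of entries changes. The rule sets and packets are constructed for the example; the implicit deny returned when no entry matches is an assumption of this model and is not stated on this page.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional, Sequence, Tuple, Union


def acl_type(acl_id: Union[int, str]) -> str:
    """Classify an ACL ID using the ranges from the guide.

    Numbered IDs 1-99 are standard, 100-199 are extended; any other
    number is rejected. A non-numeric string is a named ACL (whether it
    is standard or extended is declared separately when it is created).
    """
    if isinstance(acl_id, int):
        if 1 <= acl_id <= 99:
            return "standard"
        if 100 <= acl_id <= 199:
            return "extended"
        raise ValueError(f"numbered ACL ID {acl_id} is outside 1-99 / 100-199")
    if isinstance(acl_id, str) and acl_id and not acl_id.isdigit():
        return "named"
    raise ValueError(f"invalid ACL ID {acl_id!r}")


@dataclass(frozen=True)
class Rule:
    """One ACL entry. A standard rule sets only src; an extended rule may
    also constrain dst and the IP protocol (None means 'any')."""
    action: str                     # "permit" or "deny"
    src: IPv4Network
    dst: Optional[IPv4Network] = None
    proto: Optional[str] = None     # e.g. "tcp", "udp", "icmp"


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    proto: str


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field the rule constrains matches the packet."""
    if pkt.src not in rule.src:
        return False
    if rule.dst is not None and pkt.dst not in rule.dst:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    return True


def evaluate(rules: Sequence[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Apply entries in configuration order; stop at the first match.

    Returns (action, index of the matching entry). If no entry matches,
    the model returns the implicit deny at the end of an ACL (an
    assumption of this example, not something the page states).
    """
    for index, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule.action, index
    return "deny", None


def pkt(src: str, dst: str, proto: str) -> Packet:
    return Packet(ip_address(src), ip_address(dst), proto)


ANY = ip_network("0.0.0.0/0")

# Constructed extended ACL (an ID in the 100-199 range): the third entry
# permits everything, but only packets that reach it are affected.
EXTENDED_101 = [
    Rule("permit", ip_network("10.1.1.0/24"), ip_network("192.0.2.0/24"), "tcp"),
    Rule("deny", ip_network("10.1.1.0/24"), ANY, None),
    Rule("permit", ANY, ANY, None),
]

# The same entries with the permit-any entry moved to the front: because
# evaluation stops at the first match, the deny entry is now unreachable.
EXTENDED_101_REORDERED = [EXTENDED_101[2], EXTENDED_101[0], EXTENDED_101[1]]

# Constructed standard ACL (ID 1-99): entries look at the source address only.
STANDARD_10 = [Rule("permit", ip_network("10.1.1.0/24"))]


if __name__ == "__main__":
    udp_from_lan = pkt("10.1.1.5", "192.0.2.10", "udp")
    print(acl_type(101), evaluate(EXTENDED_101, udp_from_lan))            # extended ('deny', 1)
    print(evaluate(EXTENDED_101_REORDERED, udp_from_lan))                 # ('permit', 0)
    print(acl_type(10), evaluate(STANDARD_10, pkt("10.2.0.1", "192.0.2.10", "tcp")))
```

Running the block shows the point the guide makes about ordering: the UDP packet from 10.1.1.5 is denied by entry 1 of `EXTENDED_101` even though entry 2 would permit it, and is permitted as soon as the permit-any entry is moved ahead of the deny. When reviewing an ACL, check each entry against the ones before it; an entry that can never be reached is a sign the order is not what was intended.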

Numbered and named ACLs

When you configure an ACL, you can refer to the ACL by a numeric ID or by an alphanumeric name.
The commands to configure numbered ACLs are different from the commands for named ACLs.

Numbered ACL – If you refer to the ACL by a numeric ID, you can use 1 – 99 for a standard ACL
or 100 – 199 for an extended ACL.

Named ACL – If you refer to the ACL by a name, you specify whether the ACL is a standard ACL
or an extended ACL, then specify the name.

You can configure up to 99 standard numbered IP ACLs and 100 extended numbered IP ACLs. You
also can configure up to 99 standard named ACLs and 100 extended named ACLs.
