IPv6 ACLs, IPv6 ACL overview, Chapter 4 – Brocade Communications Systems Brocade ICX 6650 User Manual


Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Chapter 4: IPv6 ACLs

Table 17 lists the IPv6 Access Control List (ACL) features supported on Brocade ICX 6650. These
features are supported on Brocade ICX 6650 devices that can be configured as an IPv6 host in an IPv6
network, and on devices that support IPv6 routing. These features are supported in the Layer 2,
base Layer 3, edge Layer 3, and full Layer 3 software images, except where explicitly noted.

This chapter describes how ACLs are implemented and configured on a Brocade device.

IPv6 ACL overview

Brocade devices support IPv6 Access Control Lists (ACLs) for inbound traffic filtering, as detailed in
Table 17. You can configure up to 100 IPv6 ACLs and, by default, up to a system-wide maximum of
8192 ACL rules.

An IPv6 ACL is composed of one or more conditional statements that specify an action (permit or
deny) if a packet matches a specified source or destination prefix. For Brocade ICX 6650, there
can be up to 2045 total hardware entries. Most IPv6 ACL rules will need 2 hardware entries, and
some more than 2, per port region, including IPv6, IPv4, MAC address filters, and default
statements. When the maximum number of ACL rules allowed per port region is reached, an error
message will display on the console.

The last statement in each IPv6 ACL is an implicit deny statement for all packets that do not match
the previous statements in the ACL.

You can configure an IPv6 ACL on a global basis, then apply it to the incoming IPv6 packets on
specified interfaces. You can apply only one IPv6 ACL to an interface. When an interface receives
an IPv6 packet, it applies the statements within the ACL in their order of appearance to the packet.
As soon as a match occurs, the Brocade device takes the specified action (permit or deny the
packet) and stops further comparison for that packet.
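
The first-match evaluation and implicit deny described above, modeled in Python as an added example (not taken from the Brocade guide or from Brocade code). The Rule structure and the sample prefixes are constructed for illustration and are not Brocade CLI syntax; shadowed() flags rules that an earlier, broader rule makes unreachable.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: str     # source IPv6 prefix
    dst: str     # destination IPv6 prefix

    def nets(self):
        return ipaddress.ip_network(self.src), ipaddress.ip_network(self.dst)

    def matches(self, src_ip, dst_ip):
        s, d = self.nets()
        return ipaddress.ip_address(src_ip) in s and ipaddress.ip_address(dst_ip) in d


def evaluate(acl, src_ip, dst_ip):
    """Apply rules in order; the first match wins.
    Returns (action, rule index); index None means the implicit deny applied."""
    for i, rule in enumerate(acl):
        if rule.matches(src_ip, dst_ip):
            return rule.action, i
    return "deny", None


def shadowed(acl):
    """Indexes of rules fully covered by a single earlier rule.
    Such a rule can never match, because evaluation stops at the earlier one."""
    hidden = []
    for i, rule in enumerate(acl):
        s, d = rule.nets()
        for earlier in acl[:i]:
            es, ed = earlier.nets()
            if s.subnet_of(es) and d.subnet_of(ed):
                hidden.append(i)
                break
    return hidden


# Constructed sample ACL using the IPv6 documentation range 2001:db8::/32.
SAMPLE_ACL = [
    Rule("permit", "2001:db8:1::/48", "2001:db8:ffff::/48"),
    Rule("deny", "2001:db8:1:a::/64", "2001:db8:ffff::/48"),  # never reached
    Rule("deny", "2001:db8:2::/48", "::/0"),
]
```

In the sample, the deny for 2001:db8:1:a::/64 has no effect because the broader permit above it matches first; placing the more specific rule first restores the intended behavior.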

IPv6 ACLs are supported on:

Gbps Ethernet ports

10 Gbps Ethernet ports

Trunk groups

Virtual routing interfaces

TABLE 17   Supported IPv6 ACL features

Feature                                   Brocade ICX 6650
IPv6 ACLs                                 Yes
Applying an IPv6 ACL to an interface      Yes
IPv6 ACL comment text                     Yes
IPv6 ACL logging of denied packets        Yes