FastIron Configuration Guide 1703
53-1002494-02
Chapter 40
Rule-Based IP ACLs
Table 282 and Table 283 list the individual Brocade FastIron switches and Access Control List
(ACL) features they support. Table 282 lists the features supported on inbound traffic, while
Table 283 lists the features supported on outbound traffic. These features are supported in the
Layer 2, base Layer 3, edge Layer 3, and full Layer 3 software images, except where explicitly
noted.
TABLE 282 Supported ACL features on inbound traffic

| Feature | FESX, FSX 800, FSX 1600 | FWS | FCX | ICX 6610 | ICX 6430, ICX 6450 |
|---|---|---|---|---|---|
| Hardware-based ACLs | Yes | Yes | Yes | Yes | Yes |
| Standard named and numbered ACLs | Yes | Yes | Yes | Yes | Yes |
| Extended named and numbered ACLs | Yes | Yes | Yes | Yes | Yes |
| User input preservation for ACL TCP/UDP port numbers | Yes | Yes | Yes | Yes | Yes |
| ACL comment text | Yes | Yes | Yes | Yes | Yes |
| ACL logging of denied packets | Yes | Yes | Yes | Yes | Yes |
| ACL logging with traffic rate limiting (to prevent CPU overload) | Yes. To enable, configure a traffic conditioner. | Yes. Enabled by default. There is no CLI command to enable or disable it. | Yes. Enabled by default. There is no CLI command to enable or disable it. | Yes. Enabled by default. There is no CLI command to enable or disable it. | Yes. Enabled by default. There is no CLI command to enable or disable it. |
| Strict control of ACL filtering of fragmented packets | Yes | Yes | Yes | Yes | Yes |
| ACL support for switched traffic in the router image | Yes. To enable, use the bridged-routed parameter. | Yes. Enabled by default. There is no CLI command to enable or disable it. | Yes. Enabled by default. There is no CLI command to enable or disable it. | Yes. Enabled by default. There is no CLI command to enable or disable it. | ICX 6450 only. Enabled by default. There is no CLI command to enable or disable it. |
| ACL filtering based on VLAN membership or VE port membership | Yes | Yes | Yes | Yes | Yes |
| ACLs to filter ARP packets | No | Yes | No | No | No |
| Filtering on IP precedence and ToS value | Yes | Yes | Yes | Yes | Yes |
| Combined DSCP and internal marking in one ACL rule | Yes | No | No | No | No |
| QoS options for IP ACLs | Yes | Yes | Yes | Yes | Yes¹ |
| DSCP CoS mapping | Yes | No | No | No | No |
| Priority mapping using ACLs | Yes | Yes | Yes | Yes | Yes |