Configuration Guide User guide
1704 FastIron Configuration Guide
53-1002494-02
Rule-Based IP ACLs
Hardware usage statistics Yes Yes Yes Yes Yes
Policy-based routing (PBR)
(Supported in the full Layer 3 code only)
Yes No Yes Yes No
1. ICX 6430 devices have only four priority queues. See “Queues for the ICX 6430 switch” on page 1973 for more
information.
TABLE 283 Supported ACL features on outbound traffic
Feature FSX 800
FSX 1600
1
FESX FWS FCX ICX 6610 ICX 6430
ICX 6450
Hardware-based ACLs YesNoNoYesYesYes
Standard named and numbered
ACLs
YesNoNoYesYesYes
Extended named and numbered
ACLs
YesNoNoYesYesYes
User input preservation for ACL
TCP/UDP port numbers
YesNoNoYesYesYes
ACL comment text Yes No No Yes Yes Yes
ACL logging of denied packetsNoNoNoNoNoNo
ACL logging with traffic rate limiting
(to prevent CPU overload)
No No No No No No
Strict control of ACL filtering of
fragmented packets
YesNoNoYesYesYes
ACL support for switched traffic in
the router image
Yes No No Yes Yes ICX 6450
only
This feature is enabled by default for outbound ACLs on
platforms that support outbound ACL support. There is no CLI
command to enable or disable it.
ACL filtering based on VLAN
membership or VE port membership
Not applicable for outbound traffic.
ACLs to filter ARP packets Not applicable for outbound traffic.
Filtering on IP precedence and ToS
value
YesNoNoYesYesYes
Combined DSCP and internal
marking in one ACL rule
Not applicable for outbound traffic, as DSCP CoS mapping is not
supported.
QoS options for IP ACLs
2
YesNoNoYesYesYes
DSCP CoS mapping DSCP CoS mapping is not supported for outgoing traffic.
Priority mapping using ACLs Internal priority marking is not supported for outgoing traffic.
Hardware usage statistics Yes No No Yes Yes Yes
Policy-based routing (PBR)
(Supported in the full Layer 3 code
only)
Not applicable for outbound traffic No
TABLE 282 Supported ACL features on inbound traffic
Feature FESX
FSX 800
FSX 1600
FWS FCX ICX 6610 ICX 6430
ICX 6450