
1706 FastIron Configuration Guide
53-1002494-02
ACL overview
ACL IDs and entries
ACLs consist of ACL IDs and ACL entries:
ACL ID – An ACL ID is a number from 1 – 99 (for a standard ACL) or 100 – 199 (for an extended
ACL) or a character string. The ACL ID identifies a collection of individual ACL entries. When
you apply ACL entries to an interface, you do so by applying the ACL ID that contains the ACL
entries to the interface, instead of applying the individual entries to the interface. This makes
applying large groups of access filters (ACL entries) to interfaces simple. Refer to “Numbered
and named ACLs” on page 1706.
NOTE
This is different from IP access policies. If you use IP access policies, you apply the individual
policies to interfaces.
ACL entry – Also called an ACL rule, this is a filter command associated with an ACL ID. The
maximum number of ACL rules you can configure is a system-wide parameter and depends on
the device you are configuring. You can configure up to the maximum number of entries in any
combination in different ACLs. For example, on a FESX switch, you can configure 4095 entries
in one ACL, 2046 entries in two ACLs, and so on. The total number of entries in all ACLs cannot
exceed the system maximum listed in Table 284.
You configure ACLs on a global basis, then apply them to the incoming or outgoing traffic on
specific ports. The software applies the entries within an ACL in the order they appear in the ACL
configuration. As soon as a match is found, the software takes the action specified in the ACL entry
(permit or deny the packet) and stops further comparison for that packet.
Numbered and named ACLs
When you configure an ACL, you can refer to the ACL by a numeric ID or by an alphanumeric name.
The commands to configure numbered ACLs are different from the commands for named ACLs.
Numbered ACL – If you refer to the ACL by a numeric ID, you can use 1 – 99 for a standard ACL
or 100 – 199 for an extended ACL.
Named ACL – If you refer to the ACL by a name, you specify whether the ACL is a standard ACL
or an extended ACL, then specify the name.
TABLE 284    Maximum number of ACL entries

System                                   Maximum ACL rules        Maximum ACL
                                         per port region          entries per system
FESX Layer 2 Switch                      IPv4 devices = 1016      4096
FESX Layer 3 Switch                      IPv6 devices = 1023
FSX 800 and FSX 1600 Layer 2 Switch      1015                     8192
FSX 800 and FSX 1600 Layer 3 Switch
FWS base Layer 3 Switch                  756 (24-port)            756 (24-port)
                                         1512 (48-port)           4096 (48-port)
FCX Layer 2 or Layer 3 Switch            4093                     8192
ICX 6610                                 3069                     8192
ICX 6430                                 508                      8192
ICX 6450                                 3068                     8192
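The following is an added example, not the guide's text or Brocade's software. It is a small Python model of the three behaviours this section describes: numbered IDs 1 – 99 are standard and 100 – 199 are extended (anything else must be a name), entries are evaluated in configuration order and the first match decides, and the total number of entries across all ACLs is capped per system (the per-system column of Table 284 is copied for a few platforms). The addresses and packets are constructed sample data; the dataclass fields and the shadowed-entry check are this example's own design, and what the device does when no entry matches is not covered in this section, so the model simply reports "no match". The shadow check shows why ordering matters: a broad permit placed before a narrow deny makes the deny unreachable.

```python
"""Model of FastIron-style ACL semantics as described in the guide (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Per-system maximum ACL entries, copied from Table 284 of the guide.
MAX_ENTRIES_PER_SYSTEM = {
    "FESX": 4096,
    "FSX 800/1600": 8192,
    "FCX": 8192,
    "ICX 6610": 8192,
    "ICX 6430": 8192,
    "ICX 6450": 8192,
}


@dataclass
class Entry:
    action: str                  # "permit" or "deny"
    source: str                  # CIDR; "0.0.0.0/0" means any
    dest: str = "0.0.0.0/0"      # extended ACLs may also match destination
    protocol: str = "ip"         # "ip" matches all protocols
    dport: Optional[int] = None  # extended ACLs may match destination port

    def matches(self, pkt: dict) -> bool:
        if self.protocol != "ip" and pkt["protocol"] != self.protocol:
            return False
        if ip_address(pkt["src"]) not in ip_network(self.source):
            return False
        if ip_address(pkt["dst"]) not in ip_network(self.dest):
            return False
        return self.dport is None or pkt.get("dport") == self.dport


def acl_type(acl_id) -> str:
    """Classify an ACL ID the way the guide defines numbered and named ACLs."""
    if isinstance(acl_id, int):
        if 1 <= acl_id <= 99:
            return "standard"
        if 100 <= acl_id <= 199:
            return "extended"
        raise ValueError(f"numbered ACL id {acl_id} is outside 1-99 / 100-199")
    if isinstance(acl_id, str) and acl_id:
        return "named"
    raise ValueError("ACL id must be a number or a non-empty name")


class AclTable:
    """All ACLs on one system; entries kept in configuration order."""

    def __init__(self, system: str):
        self.system = system
        self.acls: dict = {}

    def total_entries(self) -> int:
        return sum(len(v) for v in self.acls.values())

    def add_entry(self, acl_id, entry: Entry) -> None:
        kind = acl_type(acl_id)
        # A standard ACL filters on source address only (assumption of this model).
        if kind == "standard" and (entry.dest != "0.0.0.0/0"
                                   or entry.protocol != "ip" or entry.dport is not None):
            raise ValueError("standard ACL entries match on source address only")
        # The cap is system-wide across all ACLs, as the guide states.
        if self.total_entries() + 1 > MAX_ENTRIES_PER_SYSTEM[self.system]:
            raise ValueError(f"{self.system}: system-wide ACL entry limit reached")
        self.acls.setdefault(acl_id, []).append(entry)

    def evaluate(self, acl_id, pkt: dict):
        """First match wins: returns (action, entry index), or (None, None) if nothing matched."""
        for i, entry in enumerate(self.acls.get(acl_id, [])):
            if entry.matches(pkt):
                return entry.action, i
        return None, None


def _covers(a: Entry, b: Entry) -> bool:
    """True if every packet that matches b also matches a."""
    return (ip_network(b.source).subnet_of(ip_network(a.source))
            and ip_network(b.dest).subnet_of(ip_network(a.dest))
            and a.protocol in ("ip", b.protocol)
            and a.dport in (None, b.dport))


def shadowed_entries(table: AclTable, acl_id) -> list:
    """Indices of entries that can never match because an earlier entry already covers them."""
    entries = table.acls.get(acl_id, [])
    return [j for j in range(len(entries))
            if any(_covers(entries[i], entries[j]) for i in range(j))]


def demo() -> dict:
    t = AclTable("FESX")
    # ACL 10: block one host, allow the rest of 10.0.0.0/8 (constructed sample).
    t.add_entry(10, Entry("deny", "10.1.1.7/32"))
    t.add_entry(10, Entry("permit", "10.0.0.0/8"))
    # ACL 11: the same two rules in the wrong order; the permit shadows the deny.
    t.add_entry(11, Entry("permit", "10.0.0.0/8"))
    t.add_entry(11, Entry("deny", "10.1.1.7/32"))
    pkt = {"src": "10.1.1.7", "dst": "192.0.2.10", "protocol": "tcp", "dport": 22}
    return {"ordered": t.evaluate(10, pkt),          # ('deny', 0)
            "misordered": t.evaluate(11, pkt),       # ('permit', 0)
            "shadowed_in_11": shadowed_entries(t, 11)}  # [1]


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the same two entries giving opposite verdicts for the same packet depending only on their order, and `shadowed_entries` flags the unreachable deny; reviewing an ACL for shadowed entries before applying it to an interface is a cheap way to catch that class of mistake.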