Configuration Guide User guide

FastIron Configuration Guide
53-1002494-02

Chapter 41: IPv6 ACLs
Table 286 lists the individual Brocade FastIron switches and the IPv6 Access Control Lists (ACL)
features they support. These features are supported in Brocade FastIron switches that can be
configured as an IPv6 host in an IPv6 network, and in devices that support IPv6 routing. These
features are supported in the Layer 2, base Layer 3, edge Layer 3, and full Layer 3 software
images, except where explicitly noted.

This chapter describes how Access Control Lists (ACLs) are implemented and configured on a
Brocade FastIron IPv6 switch.

IPv6 ACL overview
Brocade devices support IPv6 Access Control Lists (ACLs) for inbound traffic filtering, as detailed in
Table 286. You can configure up to 100 IPv6 ACLs and, by default, up to a system-wide maximum of
4000 ACL rules. For example, you can configure one ACL with 4000 entries, two ACLs with 2000
and 2093 entries respectively (combining IPv4 and IPv6 ACLs), and so on.

An IPv6 ACL is composed of one or more conditional statements that specify an action (permit or
deny) if a packet matches a specified source or destination prefix. For FESX and FSX devices, there
can be up to 1024 statements per port region, including IPv6, IPv4, MAC address filters, and
default statements. For FCX devices, there can be up to 4096 statements per port region, including
IPv6, IPv4, MAC address filters, and default statements. For ICX devices, there can be up to 1536
statements per port region, including IPv6, IPv4, MAC address filters, and default statements.
When the maximum number of ACL rules allowed per port region is reached, an error message is
displayed on the console.

In ACLs with multiple statements, you can specify a priority for each statement. The specified
priority determines the order in which the statement appears in the ACL. The last statement in each
IPv6 ACL is an implicit deny statement for all packets that do not match the previous statements in
the ACL.
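
The first-match evaluation described above, modeled as an added Python example (not Brocade code and not FastIron CLI syntax). It matches only on source and destination prefixes, assumes that a lower priority value places a statement earlier in the ACL, and uses constructed addresses from the 2001:db8::/32 documentation range; the Statement class and the net, ordered, evaluate and shadowed helpers are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass


def net(prefix):
    """Parse a prefix; a bare address becomes a /128 network."""
    return ipaddress.ip_network(prefix)


@dataclass(frozen=True)
class Statement:
    priority: int   # assumption: lower value = earlier position in the ACL
    action: str     # "permit" or "deny"
    src: str        # source prefix
    dst: str        # destination prefix

    def covers(self, src, dst):
        """True when src and dst both fall inside this statement's prefixes."""
        return net(src).subnet_of(net(self.src)) and net(dst).subnet_of(net(self.dst))


def ordered(acl):
    """Statements in the order they appear in the ACL (by priority)."""
    return sorted(acl, key=lambda s: s.priority)


def evaluate(acl, src, dst):
    """Action of the first matching statement, else the implicit deny."""
    for stmt in ordered(acl):
        if stmt.covers(src, dst):
            return stmt.action
    return "deny"  # implicit deny closing every IPv6 ACL


def shadowed(acl):
    """Statements that can never match because an earlier one covers them."""
    seq = ordered(acl)
    return [s for i, s in enumerate(seq)
            if any(e.covers(s.src, s.dst) for e in seq[:i])]


# Constructed sample ACL (documentation prefixes, not from the guide).
ACL = [
    Statement(30, "deny", "2001:db8:2::/64", "2001:db8:ff::/64"),
    Statement(10, "deny", "2001:db8:1::/64", "2001:db8:ff::/64"),
    Statement(20, "permit", "2001:db8::/32", "::/0"),
]

if __name__ == "__main__":
    print(evaluate(ACL, "2001:db8:2::5", "2001:db8:ff::1"))
    print([s.priority for s in shadowed(ACL)])
```

In the sample, traffic from 2001:db8:2::/64 is permitted even though a deny for it exists at priority 30, because the broader permit at priority 20 matches first; shadowed() reports that unreachable statement.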

TABLE 286 Supported IPv6 ACL features

Feature                              | FESX, FSX 800, FSX 1600 (1) | FWS | FCX (1) | ICX 6610 | ICX 6430, ICX 6450
IPv6 ACLs                            | Yes                         | No  | Yes     | Yes      | Yes
Applying an IPv6 ACL to an interface | Yes                         | No  | Yes     | Yes      | Yes
IPv6 ACL comment text                | Yes                         | No  | Yes     | Yes      | Yes
IPv6 ACL logging of denied packets   | Yes                         | No  | Yes     | Yes      | Yes

1. IPv6 ACLs are not supported on base Layer 3 software images on the FSX and FCX platforms.