Brocade TurboIron 24X Series Configuration Guide 897
53-1003053-01
Chapter 28
Configuring Rule-Based IP Access Control Lists
In this chapter
ACL overview (page 897)
How hardware-based ACLs work (page 899)
Configuration considerations (page 900)
Configuring standard numbered ACLs (page 901)
Configuring standard named ACLs (page 903)
Configuring extended numbered ACLs (page 905)
Configuring extended named ACLs (page 911)
Preserving user input for ACL TCP/UDP port numbers (page 915)
Managing ACL comment text (page 916)
Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN (page 917)
Enabling ACL logging (page 917)
Enabling strict control of ACL filtering of fragmented packets (page 919)
Enabling ACL support for switched traffic in the router image (page 920)
Enabling ACL filtering based on VLAN membership or VE port membership (page 920)
Filtering on IP precedence and ToS values (page 922)
QoS options for IP ACLs (page 923)
ACL-based rate limiting (page 925)
Using ACLs to control multicast features (page 925)
Enabling and viewing hardware usage statistics for an ACL (page 925)
Displaying ACL information (page 926)
Troubleshooting ACLs (page 926)
ACL overview
This chapter describes how Access Control Lists (ACLs) are implemented and configured on the devices.

Devices support rule-based ACLs (sometimes called hardware-based ACLs): the decision to permit or deny a packet is made in hardware, all permitted packets are switched or routed in hardware, and all denied packets are dropped in hardware. In addition, devices support inbound ACLs only; outbound ACLs are not supported.
NOTE
Devices support hardware-based ACLs only. These devices do not support flow-based ACLs.