ACL question on ICX6610

A quick description of my setup.  I have a stack of ICX6610s that are carved up into multiple VLANs.  If one were to want to get from one VLAN to another then they would route through our firewalls and security infrastructure.  The one exception to this is I would like to route traffic from the management VLAN through the ICX 6610s.  This is traffic such as backups and that type of thing, and I did not want to overburden the firewalls with this traffic.

 

So, I have a VLAN with a VE interface and IP address associated with it. Say this VLAN is number 20.

 

I would want to do something like this:

ip access-list 10 permit mgmt-network/24

 

interface ve 20

ip access-group 10 in

 

So, the desired outcome here is to have only traffic that is coming through the VE router interface be acted upon by the ACL.  So, only management traffic could come through that routed interface.  However, what happens is everything gets blocked with the exception of this management traffic.

 

I came across some documentation titled "Enabling ACL support for switched traffic in the router image", which states:

 

"For Brocade FCX Series and ICX devices, ACL support for switched traffic in the router image is enabled by default. There is no command to enable or disable it."

 

So, is there no way to accomplish what I am after with the ICX?
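
The behaviour described in the post, as a small model (an added example, not part of the original post or of Brocade documentation). It assumes the standard implicit deny at the end of an ACL; the addresses, the `Frame` type and the `acl_on_switched` flag are constructed for illustration, with `192.0.2.0/24` standing in for `mgmt-network/24`.

```python
import ipaddress
from typing import NamedTuple

class Frame(NamedTuple):
    src: str      # source IP address of the frame entering a port in VLAN 20
    routed: bool  # True: addressed to the VE for routing; False: switched within the VLAN

# Model of "access-list 10 permit mgmt-network/24" (constructed stand-in network).
ACL_10 = [("permit", ipaddress.ip_network("192.0.2.0/24"))]

def acl_permits(acl, src):
    """First matching entry wins; a source matching no entry hits the implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in net:
            return action == "permit"
    return False

def ve_inbound(acl, frame, acl_on_switched):
    """Fate of a frame arriving in the VLAN whose VE carries the inbound ACL.

    acl_on_switched=True  models the quoted documentation: the ACL also filters
                          switched traffic and this cannot be turned off.
    acl_on_switched=False models the outcome the post was hoping for (hypothetical):
                          only frames handed to the VE for routing are filtered.
    """
    if not frame.routed and not acl_on_switched:
        return "forward"
    return "forward" if acl_permits(acl, frame.src) else "drop"

# Constructed sample frames, all arriving on ports in VLAN 20.
FRAMES = [
    Frame("192.0.2.5", routed=True),      # management host, routed
    Frame("198.51.100.7", routed=True),   # other host, routed
    Frame("198.51.100.7", routed=False),  # other host, switched inside the VLAN
    Frame("192.0.2.5", routed=False),     # management host, switched inside the VLAN
]

def compare(frames=FRAMES):
    """Return (frame, hoped-for result, result with ACL on switched traffic)."""
    return [(f, ve_inbound(ACL_10, f, False), ve_inbound(ACL_10, f, True)) for f in frames]

if __name__ == "__main__":
    for frame, hoped, observed in compare():
        print(f"{frame.src:>14} routed={frame.routed!s:<5} hoped={hoped:<7} observed={observed}")
```

The only row where the two columns differ is the non-management frame switched inside the VLAN, which is the traffic the post reports as unexpectedly blocked.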
