Occasional Contributor
Posts: 7
Registered: ‎10-08-2013

L2ACL and VACL features on ICX6430/6450/6610 support?

Do the ICXs (6430, 6450, 6610) support Layer 2 ACL (MAC ACL) and VACL (similar to Cisco VLAN access map)?

Broadcom
Posts: 152
Registered: ‎10-05-2010

Re: L2ACL and VACL features on ICX6430/6450/6610 support?

Occasional Contributor
Posts: 7
Registered: ‎10-08-2013

Re: L2ACL and VACL features on ICX6430/6450/6610 support?

Thanks for your answer!

I have found the "Mac filter" feature in the documentation (Layer 2 Switching Configuration Guide). Is this feature close to L2ACL, or does it have different functionality?

"MAC layer filtering enables you to build access lists based on MAC layer headers in the Ethernet/IEEE 802.3 frame. You can filter on the source and destination MAC addresses. The filters apply to incoming traffic only. You configure MAC address filters globally, then apply them to individual interfaces. To apply MAC address filters to an interface, you add the filters to that interface MAC address filter group."

For example:

device(config)#mac filter 1 permit 0000.0011.2222 ffff.ffff.ffff 0000.0022.3333 ffff.ffff.ffff

device(config)#interface ethernet 0/1/1
device(config-if-e10000-0/1/1)#mac filter-group 1

Occasional Contributor
Posts: 7
Registered: ‎10-08-2013

Re: L2ACL and VACL features on ICX6430/6450/6610 support?

Dear smahadev.

I think "ACL filtering based on VLAN membership" is not exactly VACL.

Because:

1). VLAN ACLs (VACLs) can provide access control for all packets that are bridged within a VLAN or that are routed into or out of a VLAN. In other words, a VACL applies to an entire VLAN (or list of VLANs), but "ACL filtering based on VLAN membership" applies to a specific VLAN on a specific physical port.

2). VACLs are not defined by direction (ingress or egress). "ACL filtering based on VLAN membership" applies only to inbound traffic.

Broadcom
Posts: 152
Registered: ‎10-05-2010

Re: L2ACL and VACL features on ICX6430/6450/6610 support?

Yes, you're right. Layer 2 ACLs are available on our NetIron platform, not FastIron.
