Rule-Based IP Access Control Lists (ACLs) - Foundry Networks FESX Manual

FastIron X-Series

FESX, FSX, and FWSX devices support rule-based ACLs (sometimes called hardware-based ACLs), where the decisions to permit or deny packets are processed in hardware and all permitted packets are switched or routed in hardware.

Rule-based ACLs program the ACL entries you assign to an interface into Content Addressable Memory (CAM) space allocated for the port(s). The ACLs are programmed into hardware at startup (or as new ACLs are entered and bound to ports). Devices that use rule-based ACLs program the ACLs into the CAM entries and use these entries to permit or deny packets in the hardware, without sending the packets to the CPU for processing.

Rule-based ACLs are supported on physical interfaces, trunk groups, and virtual routing interfaces.

NOTE: The FESX, FSX, and FWSX devices support hardware-based ACLs only. These devices do not support flow-based ACLs. In contrast, FES devices support flow-based ACLs only.

This chapter contains the following information:

Table 12.1: Chapter Contents

Description
ACL Overview
How hardware-based ACLs work
Configuration considerations
Configuring standard numbered ACLs
Configuring standard named ACLs
Configuring extended numbered ACLs
Configuring extended named ACLs
Adding a comment to an ACL entry
Enabling ACL filtering of fragmented packets
Enabling ACL filtering based on VLAN membership or VE port membership

Chapter 12: Rule-Based IP Access Control Lists (ACLs)
December 2005
© Foundry Networks, Inc.
