The implementation of ACL filters is similar in all switches but there are some differences as summarized in the following tables.
Note
The InVSN Filter shares the port-based groups in the following table.
|
5320 Series |
5420 Series 5520 Series |
|---|---|
|
If you enable Application Telemetry, IPv6 security filter commands and configurations are supported. |
If you enable Application Telemetry, IPv6 security filter commands and configurations are supported. |
|
The switch supports two ingress filter groups, where each type can hold both Security and QoS actions:
|
The switch supports two ingress filter groups, where each group is shared by two filter types:
|
|
For each ingress packet, one ACE rule is matched based on the configuration. A parallel search is not performed on the two filter groups. |
For each ingress packet, a parallel search is performed on each of the two filter groups. |
|
Filter |
5320 Series |
5420 Series 5520 Series |
|---|---|---|
|
ACE ID ranges supported |
|
|
|
redirect-next-hop support |
Supported in both the Global Routing Table and VRF contexts. Note:
Only 5320-48P-8XE and 5320-48T-8XE support more than one VRF with IP configuration. |
Supported in both the Global Routing Table and VRF contexts. |
|
5320 Series |
5420 Series 5520 Series |
|---|---|
|
Does not support viewing ACL statistics by the ACE type, Security and QoS. The output displays N/A. |
Supports viewing ACL statistics by the ACE type, Security and QoS. |
|
5320 Series |
5420 Series 5520 Series |
|---|---|
|
The 16-port and 24-port 5320 Series models support the following ACE match criteria for IPv6 ACLs:
Note:
16-port and 24-port 5320 Series models are restricted to a maximum of 15 distinct values for each source/destination port. For more information, see Attributes. Support on the 48-port 5320 Series models is the same as 5420 Series and 5520 Series. |
Supports the following ACE match criteria for IPv6 ACLs:
|
For QoS scaling and filter scaling information, see Fabric Engine Release Notes.