ACL Filters Behavior Differences

The implementation of ACL filters is similar on all switches, but there are some differences, as summarized in the following tables.

Note

The InVSN Filter shares the port-based groups in the following table.

Table 1. Action behavior

Filter

5320 Series

5420 Series

5520 Series

5720 Series

ACE ID ranges supported

  • IPv4 and IPv6 filters:

    • ACEs: 1–2000 support both Security and QoS actions

  • IPv4 filters support both Security and QoS actions in both Primary Bank and Secondary Bank ranges:

    • Primary Bank: 1–1000

    • Secondary Bank: 1001–2000

  • IPv6 filters:

    • ACEs: 1–2000 support both Security and QoS actions

redirect-next-hop support

Supported in both the Global Routing Table and VRF contexts.

Note:

Only 5320-48P-8XE and 5320-48T-8XE support more than one VRF with IP configuration.

Supported in both the Global Routing Table and VRF contexts.

Table 2. ACL statistics behavior

5320 Series

5420 Series

5520 Series

5720 Series

Does not support viewing ACL statistics by ACE type (Security and QoS). The output displays N/A.

Supports viewing ACL statistics by ACE type (Primary Bank and Secondary Bank).

Table 3. ACE match criteria

5320 Series

5420 Series

5520 Series

5720 Series

The 16-port and 24-port 5320 Series models support the following ACE match criteria for IPv6 ACLs:

  • ethernet ACE:

    • ether-type

    • port

    • vlan-id

  • IPv6 ACE:

    • dst-ipv6

    • nxt-hdr

    • routed-only

    • src-ipv6

  • protocol ACE:

    • dst-port

    • src-port

Note:

16-port and 24-port 5320 Series models are restricted to a maximum of 15 distinct values for each source/destination port. For more information, see Attributes.

Support on the 48-port 5320 Series models is the same as 5420 Series and 5520 Series.

Supports the following ACE match criteria for IPv6 ACLs:

  • ethernet ACE:

    • ether-type

    • port

    • vlan-id

    • vlan-tag-prio

  • IPv6 ACE:

    • dst-ipv6

    • nxt-hdr

    • routed-only

    • src-ipv6

    • traffic-class

  • protocol ACE:

    • dst-port

    • icmpv6-msg-type

    • src-port

    • tcp-flags

For QoS scaling and filter scaling information, see Fabric Engine Release Notes.