ACL application-targets

ACLs that you apply to interfaces or at global configuration level are summarized in the following table.

You create all of these ACL types using the { mac | ip | ipv6 } access-list commands.

Table 1. ACLs applied to interfaces or at global configuration level
Interface
  Description: Filters all traffic entering or exiting an interface.
  Applied from: Interface configuration sub-modes (including VLAN and VE)
  Applied with: { mac | ip | ipv6 } access-group { in | out }
  Types supported: MAC, IPv4, IPv6; standard, extended
  Reference: Layer 2 (MAC) ACLs; Layer 3 (IPv4 and IPv6) ACLs

Receive-path
  Description: Receive-path ACLs (rACLs) are applied at global configuration level. Their primary function is to filter CPU-bound traffic.
  Applied from: Global configuration mode
  Applied with: { ip | ipv6 } receive access-group
  Types supported: IPv4, IPv6; standard, extended
  Reference: Interface ACLs and rACLs

The following table summarizes details of ACL types not discussed in the current unit, as they differ significantly from ACLs applied to interfaces and at global configuration level.

Table 2. Other ACL applications
ACL-RL
  Description: Supports rate-limiting and policing; can also protect against denial of service (DoS) attacks.
  Created with: { ip | ipv6 } access-list
  Applied with: match access-group acl-name
  Types supported: IPv4; standard, extended
  Notes: The mirror keyword is not supported. Applied from class-map configuration mode.

IP broadcast ACLs (bACLs)
  Description: Identify directed broadcast and network-address traffic by the specified subnets, and filter traffic on the corresponding VRF.
  Created with: { ip | ipv6 } access-list
  Applied with: ip subnet-broadcast-acl acl-name
  Types supported: IPv4; standard, extended
  Notes: Apply the ACL at device level, interface level, or VE level.

PBR
  Description: Can modify default routing behavior when an incoming packet matches an ACL rule, for example, by changing the destination port.
  Created with: { ip | ipv6 } access-list
  Applied with: match {ip|ipv6} address acl acl-name
  Types supported: IPv4, IPv6; standard, extended
  Notes: The mirror keyword is not supported. Applied from route-map configuration mode.

Management information base (MIB)
  Description: The SNMP agent supports Get, Get-next, and Get-bulk requests for L2 ACLs on the BROCADE-ACL-MIB.
  Created with: mac access-list
  Applied with: mac access-group
  Types supported: MAC; standard, extended
  Notes: Refer to Extreme SLX-OS MIB Reference.
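
The "Applied with" commands in the two tables are enough to audit a saved configuration for ACLs that are defined but never applied (and so filter nothing) and for references to ACLs that were never created. The following Python sketch is an added example, not part of the SLX-OS documentation; the sample configuration, the ACL names, and the exact form of the definition lines are assumptions, and it treats ACL names as one namespace across MAC, IPv4, and IPv6.

```python
import re

# Constructed sample config (not from the page); every ACL name is hypothetical.
SAMPLE_CONFIG = """\
mac access-list extended l2-edge
ip access-list extended web-in
ip access-list extended cpu-protect
ip access-list standard rl-hosts
ip access-list standard unused-acl
ip receive access-group cpu-protect
interface Ethernet 0/1
 mac access-group l2-edge in
 ip access-group web-in in
 ip access-group missing-acl out
class-map cm-rl
 match access-group rl-hosts
"""

# Assumed definition form: <family> access-list <standard|extended> <name>
DEFINE = re.compile(r"^(?:mac|ip|ipv6) access-list (?:standard|extended) (?P<name>\S+)")
# "Applied with" command forms from Tables 1 and 2, keyed by target.
APPLY = [
    ("receive-path", re.compile(r"^(?:ip|ipv6) receive access-group (?P<name>\S+)")),
    ("interface", re.compile(r"^(?:mac|ip|ipv6) access-group (?P<name>\S+) (?:in|out)\b")),
    ("ACL-RL", re.compile(r"^match access-group (?P<name>\S+)")),
    ("bACL", re.compile(r"^ip subnet-broadcast-acl (?P<name>\S+)")),
    ("PBR", re.compile(r"^match (?:ip|ipv6) address acl (?P<name>\S+)")),
]

def audit(config):
    """Return where each ACL is applied, plus unapplied and undefined names."""
    defined, applied = set(), []
    for raw in config.splitlines():
        line = raw.strip()
        m = DEFINE.match(line)
        if m:
            defined.add(m["name"])
            continue
        for target, rx in APPLY:
            m = rx.match(line)
            if m:
                applied.append((target, m["name"]))
                break
    used = {name for _, name in applied}
    return {
        "applied": applied,
        "unapplied": sorted(defined - used),   # defined but filtering nothing
        "undefined": sorted(used - defined),   # referenced but never created
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```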