ACL application-targets

ACLs that you apply to interfaces or at global configuration level are summarized in a table.

You create all of these ACL types using the { mac | ip | ipv6 } access-list commands.

Table 1. ACLs applied to interfaces or at global configuration level
Target/type	Description	Applied from	Applied with	Types supported	Reference
Interface	Filters all traffic entering or exiting an interface.	Interface configuration sub-modes (including VLAN and VE)	{ mac \| ip \| ipv6 } access-group { in \| out }	MAC, IPv4, IPv6 Standard, extended	Layer 2 (MAC) ACLs Layer 3 (IPv4 and IPv6) ACLs
Receive-path	Receive-path ACLs (rACLs) are applied at global configuration level. Their primary function is to filter CPU-bound traffic.	Global configuration mode	{ ip \| ipv6 } receive access-group	IPv4, IPv6 Standard, extended	Interface ACLs and rACLs

The following table summarizes details of ACL types not discussed in the current unit, as they differ significantly from ACLs applied to interfaces and at global configuration level.

Table 2. Other ACL applications
Target/type	Description	Created with	Applied with	Types supported	Notes
ACL-RL	Support rate-limiting and policing; can also protect against denial of service (DOS) attacks.	{ ip \| ipv6 } access-list	match access-group acl-name	IPv4 Standard, extended	The mirror keyword is not supported. Applied from class-map configuration mode.
IP broadcast ACLs (bACLs)	Identify directed broadcast and network-address traffic by the specified subnets, and filter traffic on the corresponding VRF.	{ ip \| ipv6 } access-list	ip subnet-broadcast-acl acl-name	IPv4 Standard, extended	Apply the ACL at device level, interface level, or VE level.
PBR	If an incoming packet matches an ACL rule, can modify default routing behavior, for example, by changing the destination port.	{ ip \| ipv6 } access-list	match {ip\|ipv6} address acl acl-name	IPv4, IPv6 Standard, extended	The mirror keyword is not supported. Applied from route-map configuration mode.
Management information base (MIB)	The SNMP agent supports Get, Get-next, and Get-bulk requests for L2 ACLs on the BROCADE-ACL-MIB.	mac access-list	mac access-group	MAC Standard, extended	Refer to Extreme SLX-OS MIB Reference.