Licensing Requirements and Limitations for Packet Filtering

Other network elements are not required.

Packet filtering is a basic feature of a switch and is not under license control.

All models of S2720, S5700, and S6700 series switches support packet filtering.

For details about software mappings, visit Hardware Query Tool and search for the desired product model.

When permit and other actions are configured in a traffic behavior, these actions are performed in sequence. The deny action conflicts with other actions in a traffic behavior. When deny is configured, other configured actions, except traffic statistics collection and flow mirroring, do not take effect.
If you specify a packet filtering action for packets matching an ACL rule, the system first checks the action defined in the ACL rule. If the ACL rule defines permit, the action taken for the packets depends on whether deny or permit is specified in the traffic behavior. If the ACL rule defines deny, the packets are discarded regardless of whether deny or permit is configured in the traffic behavior. If a non-packet-filtering action is specified for packets matching an ACL rule that defines deny, the packets are discarded, and the actions specified in the traffic classifier, except disabling MAC address learning, traffic statistics collection, and flow mirroring, do not take effect.