Little sad that ACL can't be applied to VLAN interfaces until firmware 3.8.5000, can't really use it for L3 without ACLs...
today read release note 3.6.5000 add ACLS , there is no 3.8.5000 ,newest is 3.8.1002 . Anyway before we can get binary patch on newer 3.6.x , we can not upgrade , so still no ACLS
Release 3.6.5000
General Added GA level support for Signal Degradation Monitoring
General Configured DH default key size to 2048
ACLs Added support for UDK
See commands under “Access Control List” section in the User Manual
ACLs Added support for TCP-UDP
See commands under “Access Control List” section in the User Manual
ACLs Added support for ACL remarks
See command “remark” in the User Manual
Table 5 - Ethernet Changes and New Features
Category Description
Changes and New Features
13
Mellanox Technologies Confidential
ACLs Added support for ACL shared counters
See commands “shared-counter” and “clear shared-counter” in the User Manual
ACLs Added support for IPv6
See commands under “Access Control List” section in the User Manual
ACLs Added support for interface VLAN binding point
See command “bind-point rif” in the User Manual
ACLs Added support for L4 port range
ACLs Added support for logging
See the command “access-list log” in the User Manual
ACLs Added support for TCP flags
See the commands “deny/permit (IPv4 TCP ACL rule)” and “deny/permit (IPv6 TCP
ACL rule)” in the User Manual
HLL Added support for HLL
See section “Head-of-Queue Lifetime Limit” in the User Manual
IGMP Querier Added GA support for IGMP Querier
JSON Added support for additional JSON commands
See Appendix “Show Commands Supported by JSON API”
PIM Added GA level support for PIM SSM
Shared Buffers Added support for user mode configuration
Shared Buffers Enhanced and simplified advanced mode configuration
Telemetry Added support for Ethernet thresholds telemetry
UDK Added support for UDK
See section “User Defined Keys” in the User Manual
WebUI Added new IP Interfaces page
See IP Route>IP Interfaces in the WebUI
WebUI Added support for JSON batch commands
ZTP Added support for DHCP based ZTP
See section “Zero-touch Provisioning” in the User Manual