D-Link DES-3828 Product Manual - Page 151

xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual
Command / Parameters

Command: (row continued from the previous page)
Parameters: <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>} port <portlist> [permit {priority <value 0-7> {replace_priority} | replace_dscp <value 0-63>} | deny | mirror] delete <value 1-65535>]

Command: create access_profile
Parameters: profile_id <value 1-8> ipv6 {class | flowlabel | source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask>}]

Command: config access_profile
Parameters: profile_id <value 1-8> add access_id <value 1-65535> ipv6 {class <value 0-255> | flowlabel <hex 0x0-0xfffff> | source_ipv6 <ipv6addr> | destionation_ipv6 <ipv6addr>} port <port> [permit {priority <value 0-7> {replace_priority}} | deny] | delete <value 1-65535>]

Due to a chipset limitation, the Switch supports a maximum of 9 access profiles. The rules used to define the access profiles are
limited to a total of 800 rules for the Switch.
There is an additional limitation on how the rules are distributed among the Fast Ethernet and Gigabit Ethernet ports. This limitation
is described as follows: Fast Ethernet ports are limited to 200 rules for each of the three sequential groups of eight ports. That is,
200 ACL profile rules may be configured for ports 1 to 8. Likewise, 200 rules may be configured for ports 9 to 16, and another 200
rules for ports 17 to 24. Up to 100 rules may be configured for each Gigabit Ethernet port. The tables below summarize
the maximum ACL profile rule limits.

DES-3828/DES-3828DC/DES-3828P

Port Numbers     Maximum ACL Profile Rules per Port Group
1 - 8            200
9 - 16           200
17 - 24          200
25 (Gigabit)     100
26 (Gigabit)     100
27 (Gigabit)     100
28 (Gigabit)     100
Total Rules      800

DES-3852

Port Numbers     Maximum ACL Profile Rules per Port Group
1 - 8            200
9 - 16           200
17 - 24          200
25 - 32          200
33 - 40          200
41 - 48          200
49 (Gigabit)     100
50 (Gigabit)     100
51 (Gigabit)     100
52 (Gigabit)     100
Total Rules      800

It is important to keep this in mind when setting up VLANs as well. Access rules applied to a VLAN require that a rule be created for
each port in the VLAN. For example, suppose VLAN10 contains ports 2, 11 and 12. If users create an access profile specifically for
VLAN10, they must create a separate rule for each port. Now take the rule limit into account. The rule limit applies to both port
groups 1-8 and 9-16, since VLAN10 spans these groups. One fewer rule is available for port group 1-8. Two fewer rules are available for
port group 9-16. In addition, a total of three rules count against the 800-rule Switch limit.
In the example used above (config access_profile profile_id 1 add access_id 1 ip source_ip 10.42.73.1 port 7 deny), a single access
rule was created. This rule subtracts one from the rules available for port group 1 - 8, and one from the total available rules.
Each command is listed, in detail, in the following sections.
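
The rule accounting described above can be checked before an ACL plan is committed to the Switch. The following Python sketch is an added example, not part of the D-Link manual: the function names are hypothetical, the limits are copied from the tables on this page, and the assignment of each table to a model is inferred from its port numbers.

```python
from collections import Counter

# Limits copied from the tables on this page.
TOTAL_LIMIT = 800      # rules for the whole Switch
FE_GROUP_LIMIT = 200   # per group of eight Fast Ethernet ports
GIG_PORT_LIMIT = 100   # per Gigabit Ethernet port
MODELS = {             # model-to-table mapping inferred from the port numbers
    "DES-3828": {"fe_ports": 24, "gig_ports": (25, 26, 27, 28)},
    "DES-3852": {"fe_ports": 48, "gig_ports": (49, 50, 51, 52)},
}

def port_group(model, port):
    """Return (label, limit) of the rule pool that a port draws from."""
    spec = MODELS[model]
    if port in spec["gig_ports"]:
        return f"{port} (Gigabit)", GIG_PORT_LIMIT
    if 1 <= port <= spec["fe_ports"]:
        start = (port - 1) // 8 * 8 + 1
        return f"{start}-{start + 7}", FE_GROUP_LIMIT
    raise ValueError(f"port {port} does not exist on {model}")

def rule_budget(model, planned):
    """planned: one port list per logical rule; a VLAN-wide rule lists every
    member port, because the Switch needs a separate rule for each port.
    Returns (rules used per group, total rules used, list of violations)."""
    used, limits = Counter(), {}
    for ports in planned:
        for port in ports:
            label, limit = port_group(model, port)
            used[label] += 1
            limits[label] = limit
    total = sum(used.values())
    problems = [f"group {g}: {n} rules > {limits[g]}"
                for g, n in used.items() if n > limits[g]]
    if total > TOTAL_LIMIT:
        problems.append(f"total: {total} rules > {TOTAL_LIMIT}")
    return dict(used), total, problems

if __name__ == "__main__":
    # The page's two examples: a VLAN10 rule on ports 2, 11 and 12,
    # plus the single deny rule on port 7.
    used, total, problems = rule_budget("DES-3828", [[2, 11, 12], [7]])
    print(used, total, problems or "within limits")
```

A plan can stay inside every per-group limit and still exceed the 800-rule total, so both checks are reported separately.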