D-Link DES-3828 Product Manual - Page 151
DES-3828/DES-3828DC/DES-3828P, DES-3852, Port Numbers, Maximum ACL Profile Rules per, Port Group - des 3828p vlan
UPC - 790069276811
View all D-Link DES-3828 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 151 highlights
xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual Command Parameters | offset_64-79 } port [permit {priority {replace_priority} | replace_dscp } | deny | mirror] delete ] create access_profile profile_id ipv6 {class | flowlabel | source_ipv6_mask | destination_ipv6_mask }] config access_profile profile_id add access_id ipv6 {class | flowlabel | source_ipv6 | destionation_ipv6 } port [permit {priority {replace_priority}} | deny] | delete ] Due to a chipset limitation, the Switch supports a maximum of 9 access profiles. The rules used to define the access profiles are limited to a total of 800 rules for the Switch. There is an additional limitation on how the rules are distributed among the Fast Ethernet and Gigabit Ethernet ports. This limitation is described as follows: Fast Ethernet ports are limited up to 200 rules for each of the three sequential groups of eight ports. That is, 200 ACL profile rules may be configured for ports 1 to 8. Likewise, 200 rules may be configured for ports 9 to 16, and another 200 rules for ports 17 to 24. Up to 100 rules may be configured for each Gigabit Ethernet port. The tabled below provide a summary of the maximum ACL profile rule limits. DES-3828/DES-3828DC/DES-3828P DES-3852 Port Numbers 1 - 8 9 - 16 17 - 24 25 - 32 33 - 40 41 - 48 49 (Gigabit) 50 (Gigabit) 51(Gigabit) 52(Gigabit) Total Rules Maximum ACL Profile Rules per Port Group 200 200 200 200 200 200 100 100 100 100 800 Port Numbers 1 - 8 9 - 16 17 - 24 25 (Gigabit) 26 (Gigabit) 27(Gigabit) 28(Gigabit) Total Rules Maximum ACL Profile Rules per Port Group 200 200 200 100 100 100 100 800 It is important to keep this in mind when setting up VLANs as well. Access rules applied to a VLAN require that a rule be created for each port in the VLAN. For example, let's say VLAN10 contains ports 2, 11 and 12. If users create an access profile specifically for VLAN10, users must create a separate rule for each port. Now take into account the rule limit. The rule limit applies to both port groups 1-8 and 9-16 since VLAN10 spans these groups. One less rule is available for port group 1-8. Two less rules are available for port group 9-16. In addition, a total of three rules apply to the 800 rule Switch limit. In the example used above - config access_profile profile_id 1 add access_id 1 ip source_ip 10.42.73.1 port 7 deny - a single access rule was created. This rule will subtract one rule available for the port group 1 - 8, as well as one rule from the total available rules. Each command is listed, in detail, in the following sections. 147