Dell PowerConnect 6248 Configuration Guide - Page 113
Egress ACL Limitations

Egress ACLs have some additional limitations. The following limitations apply to egress ACLs only:

• Egress ACLs support IP Protocol/Destination, IP Address Source/Destination, L4 Source/Destination port, IP DSCP, IP ToS, and IP precedence match conditions only.
• MAC ACLs are not supported in the egress direction.
• Egress ACLs only support Permit/Deny Action. Logging, mirroring, and redirect actions are not supported.
• Only one Egress ACL can be applied on an interface. The ACL can have multiple rules to classify flows and apply permit/deny action.
• If the Egress ACLs have "over-lapping" rules, then there can be undesired behavior. This limitation is only applicable if the conflicting ACLs are within the same unit. The restriction is explained below:
  - ACL 1: permit tcp destination port 3000; deny all
  - ACL 2: drop ip source 10.1.1.1; permit all
  - ACL 1 is applied on port 1 and ACL 2 is applied on port 2.
  Due to this limitation, all the packets egressing port 2 with Source IP 10.1.1.1 and tcp source port 3000 will be permitted even though they should be dropped.

MAC ACLs

MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a packet:

• Source MAC address
• Source MAC mask
• Destination MAC address
• Destination MAC mask
• VLAN ID
• Class of Service (CoS) (802.1p)
• Ethertype

L2 ACLs can apply to one or more interfaces. Multiple access lists can be applied to a single interface; the sequence number determines the order of execution. You can assign packets to queues using the assign queue option.
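The egress limitations listed above can be checked against a planned ACL layout before it is applied. The following Python sketch is an added example, not Dell code or CLI syntax: the dictionary layout, field names, and finding codes are assumptions made for illustration, and the overlap check is deliberately conservative (it flags any two rules from different egress ACLs on the same unit that could match the same packet with different actions).

```python
from itertools import combinations

# Hypothetical field names for the egress match conditions the page lists.
EGRESS_MATCH = {"protocol", "src_ip", "dst_ip", "src_port", "dst_port",
                "dscp", "tos", "precedence"}
EGRESS_ACTIONS = {"permit", "deny"}

def rules_overlap(a, b):
    """Two rules can match the same packet if no shared field disagrees."""
    shared = a["match"].keys() & b["match"].keys()
    return all(a["match"][f] == b["match"][f] for f in shared)

def lint_egress(bindings):
    """Return sorted (code, detail) findings for ACLs bound in the egress direction."""
    findings, per_port = set(), {}
    egress = [b for b in bindings if b["direction"] == "out"]
    for b in egress:
        per_port.setdefault(b["interface"], set()).add(b["acl"])
        if b["type"] == "mac":                      # MAC ACLs unsupported on egress
            findings.add(("MAC_EGRESS", b["acl"]))
        for r in b["rules"]:
            if r["action"] not in EGRESS_ACTIONS:   # only permit/deny on egress
                findings.add(("ACTION", f'{b["acl"]}:{r["action"]}'))
            for field in set(r["match"]) - EGRESS_MATCH:
                findings.add(("MATCH", f'{b["acl"]}:{field}'))
    for port, acls in per_port.items():
        if len(acls) > 1:                           # one egress ACL per interface
            findings.add(("MULTI", port))
    # Different egress ACLs on one unit whose rules can hit the same packet.
    for x, y in combinations(egress, 2):
        if x["unit"] == y["unit"] and x["acl"] != y["acl"] and any(
                rules_overlap(r, s) and r["action"] != s["action"]
                for r in x["rules"] for s in y["rules"]):
            findings.add(("OVERLAP", "+".join(sorted((x["acl"], y["acl"])))))
    return sorted(findings)

# Constructed sample: the page's ACL 1 / ACL 2 case ("drop" modelled as deny),
# plus a MAC ACL bound outbound on another unit.
SAMPLE = [
    {"acl": "ACL1", "type": "ip", "unit": 1, "interface": "port 1", "direction": "out",
     "rules": [{"action": "permit", "match": {"protocol": "tcp", "dst_port": 3000}},
               {"action": "deny", "match": {}}]},
    {"acl": "ACL2", "type": "ip", "unit": 1, "interface": "port 2", "direction": "out",
     "rules": [{"action": "deny", "match": {"src_ip": "10.1.1.1"}},
               {"action": "permit", "match": {}}]},
    {"acl": "MAC1", "type": "mac", "unit": 2, "interface": "port 3", "direction": "out",
     "rules": [{"action": "permit", "match": {"vlan": 10}}]},
]
if __name__ == "__main__":
    print(*lint_egress(SAMPLE), sep="\n")
```

An OVERLAP finding means the two ACLs should be reviewed together or placed on different units, since the page states the limitation applies only to conflicting ACLs within the same unit.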