Dell PowerConnect M6220 Configuration Guide - Page 92
MAC ACLs, Egress ACLs support IP Protocol/Destination, IP Address Source/Destination
![]() |
View all Dell PowerConnect M6220 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 92 highlights
Furthermore, hardware counters that become available after an ACL is applied are not retroactively assigned to rules that were unable to be logged (the ACL must be un-applied then re-applied). Rules that are unable to be logged are still active in the ACL for purposes of permitting or denying a matching packet. • The order of the rules is important: when a packet matches multiple rules, the first rule takes precedence. Also, once you define an ACL for a given port, all traffic not specifically permitted by the ACL is denied access. NOTE: Although the maximum number of ACLs is 100, and the maximum number of rules per ACL is 12, the system cannot support 100 ACLs that each have 12 rules. Egress ACL Limitations Egress ACLs have some additional limitations. The following limitations apply to egress ACLs only: • Egress ACLs support IP Protocol/Destination, IP Address Source/Destination, L4 Source/Destination port, IP DSCP, IP ToS, and IP precedence match conditions only. • MAC ACLs are not supported in the egress direction. • Egress ACLs only support Permit/Deny Action. Logging, mirroring and redirect action are not supported. • Only one Egress ACL can be applied on an interface. The ACL can have multiple rules to classify flows and apply permit/deny action. • If the Egress ACLs have "over-lapping" rules, then there can be undesired behavior. This limitation is only applicable if the conflicting ACLs are within the same unit. The restriction is explained below: - ACL 1: permit tcp destination port 3000; deny all - ACL 2: drop ip source 10.1.1.1; permit all - ACL 1 is applied on port 1 and ACL 2 is applied on port 2. Due to this limitation, all the packets egressing port 2 with Source IP 10.1.1.1 and tcp source port 3000 will be permitted even though they should be dropped. MAC ACLs MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a packet: • Source MAC address • Source MAC mask • Destination MAC address • Destination MAC mask • VLAN ID • Class of Service (CoS) (802.1p) • Ethertype 92 Device Security
![](/manual_guide/products/dell-powerconnect-m6220-configuration-guide-92971e5/92.png)