Dell PowerConnect M6348 Configuration Guide - Page 107

Limitations The following limitations apply to ingress and egress ACLs. • Maximum of 100 ACLs. • Maximum rules per ACL is 127. • You can configure mirror or redirect attributes for a given ACL rule, but not both. • The PowerConnect M6220/M6348/M8024 switches support a limited number of counter resources, so it may not be possible to log every ACL rule. You can define an ACL with any number of logging rules, but the number of rules that are actually logged cannot be determined until the ACL is applied to an interface. Furthermore, hardware counters that become available after an ACL is applied are not retroactively assigned to rules that were unable to be logged (the ACL must be un-applied then reapplied). Rules that are unable to be logged are still active in the ACL for purposes of permitting or denying a matching packet. • The order of the rules is important: when a packet matches multiple rules, the first rule takes precedence. Also, once you define an ACL for a given port, all traffic not specifically permitted by the ACL is denied access. NOTE: Although the maximum number of ACLs is 100, and the maximum number of rules per ACL is 127, the system cannot support 100 ACLs that each have 127 rules. MAC ACLs MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a packet: • Source MAC address • Source MAC mask • Destination MAC address • Destination MAC mask • VLAN ID • Class of Service (CoS) (802.1p) • Ethertype L2 ACLs can apply to one or more interfaces. Multiple access lists can be applied to a single interface; sequence number determines the order of execution. You can assign packets to queues using the assign queue option. Device Security 107