Dell S4048T Configuration Manual page 167

operations. This functionality is primarily needed for network supervision and maintenance activities of the
handled subscriber traffic.
When ACL logging is configured, and a frame reaches an ACL-enabled interface and matches the ACL, a log
is generated to indicate that the ACL entry matched the packet.
When you enable ACL log messages, at times, depending on the volume of traffic, it is possible that a large
number of logs might be generated that can impact the system performance and efficiency. To avoid an
overload of ACL logs from being recorded, you can configure the rate-limiting functionality. Specify the
interval or frequency at which ACL logs must be triggered and also the threshold or limit for the maximum
number of logs to be generated. If you do not specify the frequency at which ACL logs must be generated, a
default interval of 5 minutes is used. Similarly, if you do not specify the threshold for ACL logs, a default
threshold of 10 is used, where this value refers to the number of packets that are matched against an ACL .
A Layer 2 or Layer 3 ACL contains a set of defined rules that are saved as flow processor (FP) entries. When
you enable ACL logging for a particular ACL rule, a set of specific ACL rules translate to a set of FP entries.
You can enable logging separately for each of these FP entries, which relate to each of the ACL entries
configured in an ACL. Dell Networking OS saves a table that maps each ACL entry that matches the ACL
name on the received packet, sequence number of the rule, and the interface index in the database. When
the configured maximum threshold has exceeded, log generation stops. When the interval at which ACL logs
are configured to be recorded expires, a fresh interval timer starts and the packet count for that new interval
commences from zero. If ACL logging was stopped previously because the configured threshold has
exceeded, it is reenabled for this new interval.
The ACL application sends the ACL logging configuration information and other details, such as the action,
sequence number, and the ACL parameters that pertain to that ACL entry. The ACL service collects the ACL
log and records the following attributes per log message.
• For non-IP packets, the ACL name, sequence number, ACL action (permit or deny), source and
destination MAC addresses, EtherType, and ingress interface are the logged attributes.
• For IP Packets, the ACL name, sequence number, ACL action (permit or deny), source and destination
MAC addresses, source and destination IP addresses, and the transport layer protocol used are the
logged attributes.
• For IP packets that contain the transport layer protocol as Transmission Control Protocol (TCP) or User
Datagram Protocol (UDP), the ACL name, sequence number, ACL action (permit or deny), source and
destination MAC addresses, source and destination IP addresses, and the source and destination ports
(Layer 4 parameters) are also recorded.
If the packet contains an unidentified EtherType or transport layer protocol, the values for these parameters
are saved as Unknown in the log message. If you also enable the logging of the count of packets in the ACL
entry, and if the logging is deactivated in a specific interval because the threshold has exceeded, the count of
packets that exceeded the logging threshold value during that interval is recorded when the subsequent log
record (in the next interval) is generated for that ACL entry.
Access Control Lists (ACLs) 167