D-Link DES-3550 Command Line Interface Reference Manual page 207

Due to a chipset limitation, the Switch supports a maximium of 9 access profiles. The rules used to define the access profiles
are limited to a total of 800 rules for the Switch.
There is an additional limitation on how the rules are distributed among the Fast Ethernet and Gigabit Ethernet ports. This
limitation is described as follows: Fast Ethernet ports are limited to 200 rules for each of the three sequential groups of eight
ports. That is, 200 ACL profile rules may be configured for ports 1 to 8. Likewise, 200 rules may be configured for ports 9 to
16, another 200 rules for ports 17 to 24, another 200 for ports 25 to 32 and so on. Up to 100 rules may be configured for each
Gigabit Ethernet port. The total number of rules configured for the whole Switch however, cannot exceed 800. The table
below provides a summary of the maximum ACL profile rule limits.
Port Numbers
1 - 8
9 – 16
17 - 24
25 - 32
33 - 40
41 - 48
49 (Gigabit)
50 (Gigabit)
It is important to keep this in mind when setting up VLANs as well. Access rules applied to a VLAN require that a rule be
created for each port in the VLAN. For example, let's say VLAN10 contains ports 2, 11 and 12. If you create an access profile
specifically for VLAN10, you must create a seperate rule for each port. Now take into account the rule limit. The rule limit
applies to both port groups 1-8 and 9-16 since VLAN10 spans these groups. One less rule is available for port group 1-8. Two
less rules are available for port group 9-16. In addition, a total of three rules apply to the 800 rule Switch limit.
In the example used above - config access_profile profile_id 1 add access_id 1 ip source_ip 10.42.73.1 port 7 deny – a single
access rule was created. This rule will subtract one rule available for the port group 1 – 8, as well as one rule from the total
available rules.
DES-3550 Layer 2 Fast Ethernet Switch
Maximum ACL Profile Rules per Port Group
200
200
200
200
200
200
100
100
203