There are three filtering modes:
• Standard IP ACL mode (STD-ACL) filters packets based on the source
IP address.
• Extended IP ACL mode (EXT-ACL) filters packets based on source or
destination IP address, as well as protocol type and TCP/UDP port
number. If the TCP protocol type is specified, then you can also filter
packets based on the TCP control code.
• MAC ACL mode (MAC-ACL) filters packets based on the source or
destination MAC address and the Ethernet frame type (RFC 1060).
The following restrictions apply to ACLs:
• Each ACL can have up to 32 rules.
• The maximum number of ACLs is also 32.
• However, due to resource restrictions, the average number of rules
bound to the ports should not exceed 20.
• The switch does not support the explicit "deny any any" rule for the IP
ACL or MAC ACL. If these rules are included in an ACL, and you
attempt to bind the ACL to an interface, the bind operation will fail.
• An access list can contain only permit rules or only deny rules. In other
words, for performance reasons, you cannot mix permit and deny rules
in the same list.
The order in which active ACLs are checked is as follows:
1. User-defined rules in the MAC ACL.
2. User-defined rules in the IP ACL.
3. Explicit default rule (permit any any) in the IP ACL.
4. Explicit default rule (permit any any) in the MAC ACL.
5. If no explicit rule is matched, the implicit default is permit all.
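The restrictions and check order above can be modelled in a few lines. This is an added example, not code or CLI syntax from the switch or its vendor; the rule format, the field names (src_ip, src_mac), the function names and the sample addresses are assumptions made for illustration.

```python
ANY = "any any"  # constructed stand-in for a match-everything rule

def lint(acls, bindings):
    """acls: {name: [(action, match), ...]}; bindings: {port: [acl names]}."""
    problems = []
    if len(acls) > 32:
        problems.append("more than 32 ACLs defined")
    for name, rules in acls.items():
        if len(rules) > 32:
            problems.append(f"{name}: more than 32 rules")
        if len({action for action, _ in rules}) > 1:
            problems.append(f"{name}: mixes permit and deny rules")
        if ("deny", ANY) in rules:
            problems.append(f"{name}: explicit deny any any, bind would fail")
    # Assumption: the average is taken over the ports that have an ACL bound.
    if bindings:
        bound = sum(len(acls[n]) for names in bindings.values() for n in names)
        if bound / len(bindings) > 20:
            problems.append("average rules bound per port exceeds 20")
    return problems

def matches(match, pkt):
    """A rule matches if it is 'any any' or every listed field is equal."""
    return match == ANY or all(pkt.get(k) == v for k, v in match.items())

def evaluate(mac_acl, ip_acl, pkt):
    """Return (action, reason) using the check order listed above."""
    stages = [
        ("MAC user rule", [r for r in mac_acl if r[1] != ANY]),
        ("IP user rule", [r for r in ip_acl if r[1] != ANY]),
        ("IP explicit default", [r for r in ip_acl if r == ("permit", ANY)]),
        ("MAC explicit default", [r for r in mac_acl if r == ("permit", ANY)]),
    ]
    for reason, rules in stages:
        for action, match in rules:
            if matches(match, pkt):
                return action, reason
    return "permit", "implicit default"

# Constructed sample lists: one deny-only and one permit-only IP ACL.
BLOCK_HOST = [("deny", {"src_ip": "10.0.0.5"})]
ALLOW_HOST = [("permit", {"src_ip": "10.0.0.5"})]

if __name__ == "__main__":
    print(lint({"block": BLOCK_HOST}, {"port1": ["block"]}))
    print(evaluate([], BLOCK_HOST, {"src_ip": "10.0.0.9"}))
```

In this model a packet that matches no rule always ends at the implicit permit, so a permit-only list does not by itself restrict unmatched traffic; only matching deny rules drop packets.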
ACCESS CONTROL LIST COMMANDS 4-75