Mac Acls - Dell PowerConnect M6220 Configuration Manual

Configuration guide

Hide thumbs Also See for PowerConnect M6220:

User configuration manual (1294 pages)

Getting started manual (182 pages)

Configuration manual (1246 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

page of 126

/ 126
Contents
Table of Contents
Bookmarks

Table of Contents

Furthermore, hardware counters that become available after an ACL is applied are not retroactively

assigned to rules that were unable to be logged (the ACL must be un-applied then re-applied). Rules

that are unable to be logged are still active in the ACL for purposes of permitting or denying a

matching packet.

•

The order of the rules is important: when a packet matches multiple rules, the first rule takes

precedence. Also, once you define an ACL for a given port, all traffic not specifically permitted by the

ACL is denied access.

NOTE:

Although the maximum number of ACLs is 100, and the maximum number of rules per ACL is 12, the system

cannot support 100 ACLs that each have 12 rules.

Egress ACL Limitations

Egress ACLs have some additional limitations. The following limitations apply to egress ACLs only:

•

Egress ACLs support IP Protocol/Destination, IP Address Source/Destination, L4 Source/Destination

port, IP DSCP, IP ToS, and IP precedence match conditions only.

•

MAC ACLs are not supported in the egress direction.

•

Egress ACLs only support Permit/Deny Action. Logging, mirroring and redirect action are not

supported.

•

Only one Egress ACL can be applied on an interface. The ACL can have multiple rules to classify flows

and apply permit/deny action.

•

If the Egress ACLs have "over-lapping" rules, then there can be undesired behavior. This limitation is

only applicable if the conflicting ACLs are within the same unit. The restriction is explained below:

–

ACL 1: permit tcp destination port 3000; deny all

–

ACL 2: drop ip source 10.1.1.1; permit all

–

ACL 1 is applied on port 1 and ACL 2 is applied on port 2. Due to this limitation, all the packets

egressing port 2 with Source IP 10.1.1.1 and tcp source port 3000 will be permitted even though

they should be dropped.

MAC ACLs

MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a packet:

•

Source MAC address

•

Source MAC mask

•

Destination MAC address

•

Destination MAC mask

•

VLAN ID

•

Class of Service (CoS) (802.1p)

•

Ethertype

Device Security

Table of Contents

Show Quick Links

Quick Links:
System Configuration

Hide quick links:

Table of Contents

Mac Acls - Dell PowerConnect M6220 Configuration Manual

MAC ACLs

Hide quick links:

Related Manuals for Dell PowerConnect M6220

Related Content for Dell PowerConnect M6220

Table of Contents