A named time range can contain up to 10 configured time ranges. Only one
absolute time range can be configured per time range. During the ACL
configuration, you can associate a configured time range with the ACL to
provide additional control over permitting or denying a user access to network
Benefits of using time-based ACLs include:
Providing more control over permitting or denying a user access to
resources, such as an application (identified by an IP address/mask pair and
a port number).
Providing control of logging messages. Individual ACL rules defined within
an ACL can be set to log traffic only at certain times of the day so you can
simply deny access without needing to analyze many logs generated during
What Are the ACL Limitations?
The following limitations apply to ingress and egress ACLs.
Maximum of 100 ACLs.
Maximum rules per ACL is 127.
You can configure mirror or redirect attributes for a given ACL rule, but
The PowerConnect M6220, M6348, M8024, and M8024-k switches
support a limited number of counter resources, so it may not be possible to
log every ACL rule. You can define an ACL with any number of logging
rules, but the number of rules that are actually logged cannot be
determined until the ACL is applied to an interface. Furthermore,
hardware counters that become available after an ACL is applied are not
retroactively assigned to rules that were unable to be logged (the ACL
must be un-applied then re-applied). Rules that are unable to be logged are
still active in the ACL for purposes of permitting or denying a matching
packet. If console logging is enabled and the severity is set to Info (6) or a
lower severity, a log entry may appear on the screen.
The order of the rules is important: when a packet matches multiple rules,
the first rule takes precedence. Also, once you define an ACL for a given
port, all traffic not specifically permitted by the ACL is denied access.
Configuring Access Control Lists