ACL IDs and Entries; Enabling Support for Additional ACL Statements - Dell PowerConnect B-RX Configuration Manual

BigIron RX Series supporting Multi-Service IronWare v02.7.03

Standard or extended ACLs can be numbered or named. Standard ACLs are numbered from 1 – 99 and
extended ACLs from 100 – 199. Super ACLs may be assigned numbered IDs only, from
500 – 599. IDs for standard or extended ACLs can also be a character string (named). In this
document, an ACL with a string ID is called a named ACL.

ACL IDs and entries

ACLs consist of ACL IDs and ACL entries:

ACL ID – An ACL ID is a number from 1 – 99 (standard), 100 – 199 (extended) or 500 – 599
(super) or a character string (super ACLs are numbered only). The ACL ID identifies a collection
of individual ACL entries. When you apply ACL entries to an interface, you do so by applying the
ACL ID that contains the ACL entries to the interface, instead of applying the individual entries
to the interface. This makes it easier to apply large groups of access filters (ACL entries) to
interfaces.

NOTE
This process differs from the process of assigning IP access policies. When you use IP access
policies, you apply the individual policies directly to the interfaces.

ACL entry – An ACL entry contains the filter commands associated with an ACL ID. These are
also called "statements." The maximum number of ACL entries you can configure is a
system-wide parameter and depends on the BigIron RX you are configuring. You can configure
up to the maximum number of entries in any combination in different ACLs. The total number
of entries in all ACLs cannot exceed the system maximum.

You configure ACLs on a global basis, then apply them to the incoming traffic on specific ports. You
can apply only one ACL to a port's inbound traffic. The software applies the entries within an ACL in
the order they appear in the ACL's configuration. As soon as a match is found, the software takes
the action specified in the ACL entry (for example, permit or deny the packet) and stops further
comparison for that packet.

Enabling support for additional ACL statements

You can enable support for additional ACL statements if the BigIron RX has enough space for a
startup-config file that contains the ACLs. Enter the following command at the Global CONFIG level
of the CLI.

BigIron RX(config)# system-max ip-filter-sys 5000

Syntax: [no] system-max ip-filter-sys <num>

Enter up to 8000 for <num>. The default is 4000 statements.

You can load ACLs dynamically by saving them in an external configuration file on a flash card or a
TFTP server, then loading them using one of the following commands:

copy slot1 | slot2 running <from-name>
ncopy slot1 | slot2 <from-name> running
copy tftp running-config <ip-addr> <filename>
ncopy tftp <ip-addr> <from-name> running-config

In this case, the ACLs are added to the existing configuration.

BigIron RX Series Configuration Guide
53-1001986-01
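
The first-match ordering, ID ranges and system-wide entry limit described above, shown as an added Python audit example (not code from the manual or the device software). It assumes a simplified entry model of (action, source network); the function names and sample ACLs are constructed for illustration, and the handling of a packet that matches no entry is left unmodeled because this section does not state it.

```python
import ipaddress

def acl_type(acl_id):
    """Classify an ACL ID using the ranges given in this section."""
    s = str(acl_id)
    if not s.isdigit():
        return "named"  # string IDs: standard or extended only
    n = int(s)
    for name, lo, hi in (("standard", 1, 99), ("extended", 100, 199), ("super", 500, 599)):
        if lo <= n <= hi:
            return name
    raise ValueError(f"{n} is outside the ID ranges listed in this section")

def first_match(entries, src_ip):
    """Return (index, action) of the first entry matching src_ip; None if no entry matches."""
    ip = ipaddress.ip_address(src_ip)
    for i, (action, net) in enumerate(entries):
        if ip in ipaddress.ip_network(net):
            return i, action  # evaluation stops at the first match
    return None

def shadowed(entries):
    """Indexes of entries fully covered by one earlier entry, so they can never match."""
    nets = [ipaddress.ip_network(net) for _, net in entries]
    return [i for i, n in enumerate(nets) if any(n.subnet_of(e) for e in nets[:i])]

def within_limit(acls, system_max=4000):
    """True if the total entry count across all ACLs fits the system-wide maximum."""
    return sum(len(e) for e in acls.values()) <= system_max

# Constructed sample: entries simplified to (action, source network).
ACLS = {
    "10": [("permit", "10.0.0.0/8"), ("deny", "10.1.2.0/24"), ("deny", "192.0.2.0/24")],
    "edge-in": [("deny", "10.1.2.0/24"), ("permit", "10.0.0.0/8")],
}

if __name__ == "__main__":
    for acl_id, entries in ACLS.items():
        print(acl_id, acl_type(acl_id), first_match(entries, "10.1.2.5"), shadowed(entries))
    print("fits default limit:", within_limit(ACLS))
```

In ACL "10" the broad permit precedes the narrower deny, so the deny is reported as shadowed; "edge-in" holds the same two entries in the opposite order and the deny takes effect.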