Chapter 14 | Security Measures
Access Control Lists

Command Usage
The following restrictions apply to ACLs:
◆ The maximum number of ACLs is 128.
◆ The maximum number of rules per system is 512 rules.
◆ An ACL can have up to 64 rules. However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20.

The order in which active ACLs are checked is as follows:
1. User-defined rules in IP and MAC ACLs for ingress ports are checked in parallel.
2. Rules within an ACL are checked in the configured order, from top to bottom.
3. If the result of checking an IP ACL is to permit a packet, but the result of a MAC ACL on the same packet is to deny it, the packet will be denied (because the decision to deny a packet has a higher priority for security reasons). A packet will also be denied if the IP ACL denies it and the MAC ACL accepts it.

Setting a Time Range
Use the Security > ACL (Configure Time Range) page to set a time range during which ACL functions are applied.
CLI References
◆ "Time Range" on page 648

Parameters
These parameters are displayed:

Add
◆ Time-Range Name – Name of a time range. (Range: 1-30 characters)

Add Rule
◆ Time-Range – Name of a time range.
◆ Mode
  ■ Absolute – Specifies a specific time or time range.
    ■ Start/End – Specifies the hours, minutes, month, day, and year at which to start or end.
  ■ Periodic – Specifies a periodic interval.
    ■ Start/To – Specifies the days of the week, hours, and minutes at which to start or end.
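
The ACL checking order and the Absolute/Periodic time-range modes described above, modelled together in Python as an added example (not code from this manual or from the switch firmware). All names and sample values are constructed. Assumptions not stated on this page: a rule outside its time range is skipped, a time range with both modes set must satisfy both, and a packet that no rule denies is forwarded.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

@dataclass
class TimeRange:
    # Absolute: one (start, end) pair. Periodic: (weekdays, start, end); Monday is 0.
    absolute: tuple = None
    periodic: list = field(default_factory=list)

    def active(self, now):
        if self.absolute and not (self.absolute[0] <= now <= self.absolute[1]):
            return False
        if not self.periodic:
            return True
        # Assumption: with both modes set, the absolute and a periodic window must hold.
        return any(now.weekday() in days and start <= now.time() <= end
                   for days, start, end in self.periodic)

@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    match: dict                  # packet fields that must all be equal
    time_range: TimeRange = None

def check_acl(rules, pkt, now):
    """Walk one ACL top to bottom; the first rule that matches decides."""
    for r in rules:
        if r.time_range and not r.time_range.active(now):
            continue             # assumption: a rule outside its time range is skipped
        if all(pkt.get(k) == v for k, v in r.match.items()):
            return r.action
    return None                  # no rule matched: this ACL gives no verdict

def ingress_verdict(ip_acl, mac_acl, pkt, now):
    """IP and MAC ACLs are checked independently; a deny from either one wins."""
    verdicts = (check_acl(ip_acl, pkt, now), check_acl(mac_acl, pkt, now))
    # Assumption: a packet that neither ACL denies is forwarded.
    return "deny" if "deny" in verdicts else "permit"

# Constructed sample data: office hours, Monday to Friday 08:00-18:00, during 2024.
OFFICE = TimeRange(absolute=(datetime(2024, 1, 1), datetime(2024, 12, 31, 23, 59)),
                   periodic=[({0, 1, 2, 3, 4}, time(8, 0), time(18, 0))])
IP_ACL = [Rule("permit", {"src_ip": "10.0.0.5"}, OFFICE),
          Rule("deny", {"src_ip": "10.0.0.5"})]
MAC_ACL = [Rule("deny", {"src_mac": "00-11-22-33-44-55"})]
```

Because the time-bound permit sits above an unconditional deny for the same source, the host is admitted only inside the time range, and a MAC ACL deny still overrides that permit.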