Dell Networking N4000 Series Configuration Manual page 590
Stackable layer 2 and 3 switches
Hide thumbs
Also See for Networking N4000 Series:
- Getting started manual (378 pages) ,
- Configuration manual (17 pages) ,
- Reference manual (2332 pages)
Table of Contents
Advertisement
•
The order of the rules is important: when a packet matches multiple rules,
the first rule takes precedence. Once a packet has matched a rule, the
corresponding action is taken and no further attempts to match the packet
are made. Also, once you define an ACL for a given port, all traffic not
specifically permitted by the ACL is denied access.
•
Egress (out) ACLs only affect switched/routed traffic. They have no effect
on packets generated locally by the switch, e.g., LACPDUs or spanning
tree BPDUs.
•
Ingress ACLs filter packets before they are processed by the switching
fabric. Egress ACLs filter packets after they have been processed by the
switching fabric.
•
User-defined ingress ACLs are prioritized before system ACLs. User-
defined ingress ACLs that match control plane packets such as BPDUs
interfere with switch operation.
•
Port ranges are not supported for egress ACLs for either IPv4 or IPv6 ACLs.
•
The fragments and routing keywords are not supported for egress IPv6
ACLs. The fragments keywords is not supported on IPv4 egress ACLs.
•
On the N4000 switches, the IPv6 ACL routing keyword is not supported
when any IPv6 address is specified. The routing keyword is not support for
IPv4 ACLs.
•
On the N4000 switches, the IPv6 ACL fragment keyword matches only on
the first two IPv6 extension headers for the fragment header (next header
code 44). If the fragment header appears in the third or subsequent header,
it is not matched
•
On the N2000 and N3000 switches, the IPv6 ACL fragment keyword
matches only on the first IPv6 extension header (next header code 44). If
the fragment header appears in the second or subsequent header, it is not
matched.
•
The IPv6 ACL routing keyword matches only on the first IPv6 extension
header (next header code 43). If the fragment header appears in the
second or subsequent header, it is not matched.
NOTE:
The actual number of ACLs and rules supported depends on the
resources consumed by other processes and configured features running on the
switch.
590
Configuring Access Control Lists
Hide quick links:
Advertisement
Table of Contents
