Quick Reference Guide

364 PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
Configuring standard numbered ACLs
13
Trunk groups
Virtual routing interfaces
ACLs on the PowerConnect B-Series TI24X devices apply to all traffic, including management traffic.
ACL logging is supported only for denied packets, and for packets that are sent to the CPU to generate the log entry, when logging is enabled both on the port and on the ACL entry applied to that port. ACL logging is not supported for packets that are processed in hardware (permitted packets), so a permit entry with the log keyword produces no log entries.
The number of ACL rules supported per device is listed in Table 54.
Hardware-based ACLs support only one ACL per port. The ACL can, of course, contain multiple entries (rules). For example, hardware-based ACLs do not support applying both ACL 101 and ACL 102 to port 1, but they do support applying ACL 101 containing multiple entries to port 1.
By default, only the first fragment of a fragmented packet received by the device is permitted or denied by the ACLs; subsequent fragments of the same packet are forwarded in hardware without being evaluated against the ACL. Generally, denying the first fragment of a packet is sufficient, since a transaction cannot be completed without the entire packet.
The following ACL features and options are not supported on the PowerConnect B-Series TI24X
devices:
Applying an ACL on a device that has Super Aggregated VLANs (SAVs) enabled.
ACL logging for permitted packets – ACL logging is supported only for packets that are sent to the CPU for processing (denied packets). ACL logging is not supported for packets that are processed in hardware (permitted packets).
Flow-based ACLs
PowerConnect B-Series TI24X devices support MAC filters instead of Layer 2 ACLs.
You can apply an ACL to a port that has TCP SYN protection or ICMP smurf protection, or both, enabled.
NOTE
PowerConnect B-Series TI24X does not support ACLs on Group VEs, even though the CLI contains commands for this action.
Configuring standard numbered ACLs
This section describes how to configure standard numbered ACLs (ACLs identified by a numeric ID) and provides configuration examples.
Standard ACLs permit or deny packets based on the source IP address only. You can configure up to 99 standard numbered ACLs. There is no limit to the number of ACL entries an individual ACL can contain, other than the system-wide limit on ACL entries. For the number of ACL entries supported on a device, refer to “ACL IDs and entries” on page 361.
Standard numbered ACL syntax
Syntax: [no] access-list <ACL-num> deny | permit <source-ip> | <hostname> <wildcard> [log]
or
Syntax: [no] access-list <ACL-num> deny | permit <source-ip>/<mask-bits> | <hostname> [log]
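The following Python model is an added example and is not part of the configuration guide or of the device firmware. It parses the two standard numbered ACL syntax forms above (dotted source plus wildcard mask, and source/mask-bits), applies the "no" form by removing the matching entry, and evaluates a source address against an ACL with first-match semantics. It also models three constraints from the notes above: only denied packets are logged, only the first fragment of a fragmented packet is evaluated, and a hardware port may carry a single ACL. The ACL ID range 1-99, the implicit deny at the end of an ACL, the sample configuration, and the function names are assumptions made for this example; the hostname form of the syntax is not modelled.

```python
"""Model of standard numbered ACL parsing and first-match evaluation (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumption: standard numbered ACL IDs run from 1 to 99.
STD_ACL_MIN, STD_ACL_MAX = 1, 99

_LINE = re.compile(
    r"^(?P<neg>no\s+)?access-list\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+"
    r"(?P<src>\S+)(?:\s+(?P<wild>\d+\.\d+\.\d+\.\d+))?(?:\s+(?P<log>log))?\s*$"
)
_DOTTED = re.compile(r"^\d+\.\d+\.\d+\.\d+$")


@dataclass(frozen=True)
class Entry:
    acl_num: int
    action: str      # "permit" or "deny"
    network: int     # source address as an int, already reduced to the bits that matter
    care_bits: int   # bits that must match (the inverse of the wildcard mask)
    log: bool
    text: str        # canonical form of the entry, used to match a later "no" line


def _ip_int(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def parse_acl_line(line: str) -> Tuple[bool, Entry]:
    """Parse one access-list line. Returns (is_negated, entry)."""
    m = _LINE.match(line.strip())
    if not m:
        raise ValueError(f"malformed access-list line: {line!r}")
    num = int(m.group("num"))
    if not STD_ACL_MIN <= num <= STD_ACL_MAX:
        raise ValueError(f"ACL {num} is outside the standard numbered range {STD_ACL_MIN}-{STD_ACL_MAX}")
    src, wild = m.group("src"), m.group("wild")
    if "/" in src:                       # <source-ip>/<mask-bits> form
        if wild:
            raise ValueError("a wildcard cannot be combined with the /mask-bits form")
        net = ipaddress.IPv4Network(src, strict=False)
        care, base = int(net.netmask), int(net.network_address)
    elif _DOTTED.match(src):             # <source-ip> <wildcard> form; wildcard 1-bits are "don't care"
        if wild is None:
            raise ValueError("a wildcard mask is required after a dotted source address")
        care = (~_ip_int(wild)) & 0xFFFFFFFF
        base = _ip_int(src) & care
    else:
        raise ValueError("the <hostname> form is not modelled in this example")
    text = " ".join(p for p in (f"access-list {num} {m.group('action')} {src}", wild,
                                "log" if m.group("log") else None) if p)
    return bool(m.group("neg")), Entry(num, m.group("action"), base, care, bool(m.group("log")), text)


def build_acls(lines: List[str]) -> Dict[int, List[Entry]]:
    """Apply configuration lines in order; a "no" line removes the identical entry."""
    acls: Dict[int, List[Entry]] = {}
    for line in lines:
        negated, entry = parse_acl_line(line)
        entries = acls.setdefault(entry.acl_num, [])
        if negated:
            entries[:] = [e for e in entries if e.text != entry.text]
        else:
            entries.append(entry)
    return acls


def evaluate(entries: List[Entry], src_ip: str, fragment_offset: int = 0) -> Tuple[str, Optional[str], bool]:
    """First-match evaluation. Returns (action, matched entry text, whether a log entry is generated)."""
    if fragment_offset > 0:
        # Only the first fragment is checked; later fragments are forwarded in hardware unchecked.
        return ("forward", None, False)
    ip = _ip_int(src_ip)
    for e in entries:
        if (ip & e.care_bits) == e.network:
            # Permitted packets are handled in hardware, so "log" has no effect on them.
            return (e.action, e.text, e.log and e.action == "deny")
    return ("deny", None, False)         # assumption: implicit deny at the end of the ACL


def bind_acl(bindings: Dict[str, int], port: str, acl_num: int) -> Dict[str, int]:
    """Hardware-based ACLs allow one ACL per port; refuse a second, different ACL on the same port."""
    existing = bindings.get(port)
    if existing is not None and existing != acl_num:
        raise ValueError(f"port {port} already has ACL {existing}; only one ACL per port is supported")
    bindings[port] = acl_num
    return bindings


# Constructed sample configuration for this example (not from the guide).
SAMPLE_CONFIG = [
    "access-list 1 deny 10.157.22.26 0.0.0.0 log",
    "access-list 1 deny 10.157.29.0/24 log",
    "access-list 1 permit 0.0.0.0 255.255.255.255",
]

if __name__ == "__main__":
    acls = build_acls(SAMPLE_CONFIG)
    for ip in ("10.157.22.26", "10.157.29.77", "192.0.2.5"):
        print(ip, evaluate(acls[1], ip))
```

The wildcard form is evaluated bitwise, so non-contiguous wildcards such as 0.255.0.255 work as the device would treat them, which the ipaddress module's network types cannot express on their own. When reviewing a device configuration, the two checks worth automating from this model are the one-ACL-per-port rule and the fact that a log keyword on a permit entry never produces a log line.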