Users Guide

Access Control Lists
ACLs may be used to control traffic at Layer 2, Layer 3, or Layer 4. MAC
ACLs contain packet match criteria based on Layer-2 fields in Ethernet
frames. IP ACLs contain packet match criteria based on Layer-3 and Layer-4
fields in the packet. Dell EMC Networking N-Series switches support both
IPv4 and IPv6 ACLs and support ACLs applied to up to 24 VLAN interfaces.

ACL Counters
Packets that match a rule in an ACL are counted. The counts may be displayed
using the show ip access-list or show mac access-list commands. If an ACL
rule is configured without a rate limit, the counter value is the count of
the permitted or denied packets. (Example: If a burst of 100 matching
packets is received, the counter value is 100.)
If an ACL rule is configured with a rate limit, the counter value is the
matched packet count. If the received traffic rate exceeds the configured
limit, the counters still display the matched packet count, including the
packets that exceed the configured limit, because the match criteria are met.
For example, if the rate limit is set to 10 Kbps and ‘matching’ traffic is
received at 100 Kbps, the counters reflect the 100 Kbps value. If the
received traffic rate is less than the configured limit, the counters
display only the matched packet count.
ACL counters do not interact with DiffServ policies.

What Are MAC ACLs?
MAC ACLs are Layer-2 ACLs. MAC ACLs can filter on the following fields of
a packet:
Source MAC address
Source MAC mask
Destination MAC address
Destination MAC mask
VLAN ID
Class of Service (CoS) (802.1p)
EtherType