Users Guide

App                  Allocated pools  App group  Configured rules  Used rows  Free rows  Max rows
-----------------------------------------------------------------------------------------------
USER_L2_ACL_EGRESS   Shared:1         G1         1                 2          254        256
USER_IPV4_EGRESS     Shared:1         G0         1                 2          254        256
USER_IPV6_EGRESS     Shared:2         G2         1                 2          254        256
Known behavior

On the S4200-ON platform, the show acl-table-usage detail command output lists several hardware pools as available (FREE), but you will see an "ACL CAM table full" warning log when the system tries to create a new service pool. The system cannot create any new service pools; the existing groups, however, can continue to grow up to the maximum available pool space.

On the S4200-ON platform, the show acl-table-usage detail command output lists all the available hardware pools under the Ingress ACL utilization table and none under the Egress ACL utilization table. The system allocates pool space for the Egress ACL table only when you configure Egress ACLs. After configuring an Egress ACL, run the show acl-table-usage detail command again to view the pool space allocated under the Egress ACL utilization table as well.

On S52xx-ON, Z91xx-ON, and Z92xx-ON platforms, the number of Configured Rules listed under Service Pools for each feature is the number of ACLs multiplied by the number of ports on which they are applied. This number is cumulative. The Used rows and Free rows columns indicate the actual amount of hardware space that is utilized and available.
ACL logging

You can configure ACLs to filter traffic and drop or forward packets that match certain conditions. The ACL logging feature gives you additional information about packets that match an access control entry (ACE) applied on an interface in the inbound direction.

ACL logging helps you administer and manage the traffic that traverses your network and is useful for network supervision and maintenance activities. High volumes of network traffic can produce a large volume of logs, which can negatively impact system performance and efficiency. You can configure the log update threshold, the logging interval, and the logging rate limit to reduce the impact on device CPU load.

This feature is applicable only for IP user ACLs and control-plane ACLs.
Important notes

The ACL logging feature is:

- Applicable only for IPv4 and IPv6 user ACLs and control-plane ACLs. MAC ACLs are not logged.
- Applicable only for IP user ACLs or control-plane ACLs applied on interfaces in the inbound direction. Even though ACL logging cannot be enabled for outbound ACLs, the ACL configuration is still applied.
- Not supported for control-plane ACL data.

For IP user ACLs, Dell Technologies recommends a maximum scale of 128 log-enabled ACL entries. If logging cannot be enabled on further ACL entries, a syslog error message appears to indicate that logging cannot be enabled; the ACL entries themselves are still applied.
IP ACL logging

The IP ACL logging feature allows you to monitor user-created ACL flows and log packets that match ACEs applied on an interface in the inbound direction. To control the volume of logs, specify the threshold after which a log is created and the interval at which logs must be created. The threshold defines how often a log message is created after an initial packet match. The default threshold is 10 messages. This value is configurable, and the range is from 1 to 100 messages.
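The following is an added example, not code from the Dell OS10 guide: a small Python model of how a log threshold, a logging interval, and a rate limit throttle the logs produced by matching packets, so you can estimate log volume for a given traffic rate before enabling logging on an ACE. The exact semantics are assumptions labelled in the code (the guide gives only the threshold default and range); the ACE name and addresses are constructed sample values.

```python
# Added example (not from the Dell OS10 guide): a model of ACL log throttling.
# Assumed semantics, labelled because the guide does not spell them out:
#  - the first match of an ACE is logged, then one log per `threshold` further matches
#  - a log for an ACE is held back while fewer than `interval` seconds have passed
#    since that ACE's last log
#  - `rate_limit` caps logs emitted per wall-clock second across all ACEs (0 = no cap)
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class AceState:
    matches_since_log: int = 0
    last_log_time: Optional[float] = None


@dataclass
class AclLogger:
    threshold: int = 10      # guide: default 10, configurable 1-100
    interval: float = 0.0    # seconds between logs for one ACE (assumed)
    rate_limit: int = 0      # logs per second overall, 0 = unlimited (assumed)
    log_lines: List[str] = field(default_factory=list)
    _aces: Dict[str, AceState] = field(default_factory=dict)
    _per_second: Dict[int, int] = field(default_factory=dict)

    def __post_init__(self) -> None:
        if not 1 <= self.threshold <= 100:
            raise ValueError("threshold must be in the range 1-100")

    def match(self, t: float, ace: str, src: str, dst: str) -> bool:
        """Record a packet hitting `ace` at time t; return True if a log was emitted."""
        st = self._aces.setdefault(ace, AceState())
        st.matches_since_log += 1
        if st.last_log_time is not None:
            if st.matches_since_log < self.threshold:
                return False                     # threshold not yet reached
            if t - st.last_log_time < self.interval:
                return False                     # still inside the logging interval
        sec = int(t)
        if self.rate_limit and self._per_second.get(sec, 0) >= self.rate_limit:
            return False                         # global per-second rate limit hit
        self._per_second[sec] = self._per_second.get(sec, 0) + 1
        st.matches_since_log = 0
        st.last_log_time = t
        self.log_lines.append(f"t={t:.2f}s ACE {ace} matched {src} -> {dst}")
        return True


def logs_for_flow(n_matches: int, pps: float, threshold: int, interval: float = 0.0) -> int:
    """Logs one ACE produces for n_matches packets arriving at pps packets per second."""
    logger = AclLogger(threshold=threshold, interval=interval)
    # constructed sample flow: every packet hits the same ACE (hypothetical name "seq10")
    return sum(logger.match(i / pps, "seq10", "10.1.1.5", "10.2.2.9") for i in range(n_matches))
```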
1474
Access Control Lists