What are the acl limitations – Dell POWEREDGE M1000E User Manual

Page 547


Configuring Access Control Lists


A named time range can contain up to 10 configured time ranges. Only one absolute time range can be configured per time range. During the ACL configuration, you can associate a configured time range with the ACL to provide additional control over permitting or denying a user access to network resources.

Benefits of using time-based ACLs include:

• Providing more control over permitting or denying a user access to resources, such as an application (identified by an IP address/mask pair and a port number).

• Providing control of logging messages. Individual ACL rules defined within an ACL can be set to log traffic only at certain times of the day so you can simply deny access without needing to analyze many logs generated during peak hours.

What Are the ACL Limitations?

The following limitations apply to ingress and egress ACLs.

• Maximum of 100 ACLs.

• Maximum rules per ACL is 127.

• You can configure mirror or redirect attributes for a given ACL rule, but not both.

• The PowerConnect M6220, M6348, M8024, and M8024-k switches support a limited number of counter resources, so it may not be possible to log every ACL rule. You can define an ACL with any number of logging rules, but the number of rules that are actually logged cannot be determined until the ACL is applied to an interface. Furthermore, hardware counters that become available after an ACL is applied are not retroactively assigned to rules that were unable to be logged (the ACL must be un-applied then re-applied). Rules that are unable to be logged are still active in the ACL for purposes of permitting or denying a matching packet. If console logging is enabled and the severity is set to Info (6) or a lower severity, a log entry may appear on the screen.

• The order of the rules is important: when a packet matches multiple rules, the first rule takes precedence. Also, once you define an ACL for a given port, all traffic not specifically permitted by the ACL is denied access.
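The following Python model is an added example and is not Dell code or switch CLI; it illustrates both the time-range behaviour described above (a rule bound to a time range is only in effect while that range is active) and the limitations just listed (first match wins, implicit deny of unmatched traffic, mirror/redirect exclusivity, 100 ACLs, 127 rules per ACL, up to 10 entries per time range with at most one absolute entry). The rule fields, the reduction of time-range entries to concrete start/end windows, and the sample ACL are all assumptions made for the example. It also goes slightly beyond the page by flagging rules that an earlier, always-active rule shadows, which is the practical consequence of "the first rule takes precedence".

```python
"""First-match ACL evaluation with implicit deny, time-range gating, and a
validator for the limits stated in the manual.  Added example, not Dell code;
the rule representation and sample data are assumptions."""
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

MAX_ACLS = 100                   # "Maximum of 100 ACLs"
MAX_RULES_PER_ACL = 127          # "Maximum rules per ACL is 127"
MAX_ENTRIES_PER_TIME_RANGE = 10  # "up to 10 configured time ranges"
MAX_ABSOLUTE_PER_TIME_RANGE = 1  # "Only one absolute time range"


@dataclass
class TimeEntry:
    """One window of a named time range (assumed: periodic entries are also
    reduced to a concrete start/end window for this model)."""
    start: datetime
    end: datetime
    absolute: bool = False


@dataclass
class TimeRange:
    name: str
    entries: List[TimeEntry]

    def active(self, now: datetime) -> bool:
        return any(e.start <= now <= e.end for e in self.entries)


@dataclass
class Rule:
    action: str                      # "permit" or "deny"
    src: str                         # source network in CIDR form
    dport: Optional[int] = None      # None matches any destination port
    time_range: Optional[TimeRange] = None
    log: bool = False
    mirror: Optional[str] = None     # mirror-to interface (assumed field)
    redirect: Optional[str] = None   # redirect-to interface (assumed field)

    def matches(self, src_ip: str, dport: int, now: datetime) -> bool:
        if ip_address(src_ip) not in ip_network(self.src):
            return False
        if self.dport is not None and dport != self.dport:
            return False
        # A rule tied to an inactive time range is not in effect.
        if self.time_range is not None and not self.time_range.active(now):
            return False
        return True


@dataclass
class ACL:
    name: str
    rules: List[Rule] = field(default_factory=list)

    def evaluate(self, src_ip: str, dport: int, now: datetime) -> Tuple[str, Optional[int]]:
        """Return (action, index of matching rule); the first match wins."""
        for index, rule in enumerate(self.rules):
            if rule.matches(src_ip, dport, now):
                return rule.action, index
        return "deny", None  # implicit deny: nothing permitted the packet

    def shadowed_rules(self) -> List[int]:
        """Indices of rules that can never match because an earlier rule with
        no time range already covers every packet they would match."""
        shadowed = []
        for j, later in enumerate(self.rules):
            for earlier in self.rules[:j]:
                if (earlier.time_range is None
                        and ip_network(later.src).subnet_of(ip_network(earlier.src))
                        and (earlier.dport is None or earlier.dport == later.dport)):
                    shadowed.append(j)
                    break
        return shadowed


def validate(acls: List[ACL]) -> List[str]:
    """Check the limits the manual states; returns a list of problem strings."""
    problems = []
    if len(acls) > MAX_ACLS:
        problems.append(f"{len(acls)} ACLs exceeds the maximum of {MAX_ACLS}")
    for acl in acls:
        if len(acl.rules) > MAX_RULES_PER_ACL:
            problems.append(f"{acl.name}: {len(acl.rules)} rules exceeds {MAX_RULES_PER_ACL}")
        for i, rule in enumerate(acl.rules):
            if rule.mirror and rule.redirect:
                problems.append(f"{acl.name} rule {i}: mirror and redirect cannot both be set")
            tr = rule.time_range
            if tr is not None:
                if len(tr.entries) > MAX_ENTRIES_PER_TIME_RANGE:
                    problems.append(f"time-range {tr.name}: more than {MAX_ENTRIES_PER_TIME_RANGE} entries")
                if sum(e.absolute for e in tr.entries) > MAX_ABSOLUTE_PER_TIME_RANGE:
                    problems.append(f"time-range {tr.name}: more than one absolute entry")
        for j in acl.shadowed_rules():
            problems.append(f"{acl.name} rule {j}: shadowed by an earlier rule, never matches")
    return problems


# Constructed sample configuration and timestamps (not from the manual).
NOON = datetime(2024, 1, 1, 12, 0)
EVENING = datetime(2024, 1, 1, 20, 0)
BUSINESS_HOURS = TimeRange("business-hours", [
    TimeEntry(datetime(2024, 1, 1, 9, 0), datetime(2024, 1, 1, 17, 0), absolute=True)])
EDGE_ACL = ACL("edge", [
    Rule("deny", "10.0.0.0/8", dport=22, time_range=BUSINESS_HOURS, log=True),
    Rule("permit", "10.0.0.0/8", dport=22),
    Rule("permit", "192.168.1.0/24"),
    Rule("permit", "192.168.1.128/25", dport=443),  # shadowed by the rule above
])

if __name__ == "__main__":
    print(EDGE_ACL.evaluate("10.1.2.3", 22, NOON))      # ('deny', 0)
    print(EDGE_ACL.evaluate("10.1.2.3", 22, EVENING))   # ('permit', 1)
    print(EDGE_ACL.evaluate("172.16.0.1", 80, NOON))    # ('deny', None)
    print(validate([EDGE_ACL]))
```

Running the sample shows SSH from 10.1.2.3 denied by rule 0 during the time range and permitted by rule 1 outside it, traffic from 172.16.0.1 falling through to the implicit deny, and the validator reporting rule 3 as unreachable because rule 2 already permits the whole /24 on every port.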
