Configuring the ECN330-switch
158 1553-KDU 137 365 Uen D 2006-06-16
• Each ACL can have up to 32 rules.
• The maximum number of ACLs is also 32. However, due to resource
restrictions, the average number of rules bound to the ports should not
exceed 20.
• A mask must be configured for an ACL rule before the rule can be bound
to a port or before the queue or frame priorities associated with the rule
can be set.
• The ECN330-switch does not support the explicit “deny any any” rule for
egress IP ACLs or egress MAC ACLs. If such a rule is included in an ACL
and an attempt is made to bind the ACL to an interface for egress
checking, the bind operation will fail.
• Egress MAC ACLs only work for destination-mac-known packets, not for
multicast, broadcast, or destination-mac-unknown packets.
• Both a MAC ACL mask and a VLAN ACL MAC mask can configure the
VLAN ID field, so the two masks may be identical. If this happens, there
will be only one copy in the database, and deleting either one of these
two entries will remove the mask from the database.
VLAN ACL Restrictions
• A VLAN ACL may contain at most one IP-ACL and one MAC-ACL.
• VLAN ACLs only apply to ingress traffic entering member ports within
the bound VLANs.
• VLAN ACLs can only be applied to static VLANs.
• A VLAN which has already been bound by a VLAN ACL cannot
subsequently be bound by another VLAN ACL.
• If a VLAN which has already been bound by a VLAN ACL is bound by
another VLAN ACL, the newly bound VLAN ACL takes precedence.
• A port may be bound with multiple VLAN ACLs since a port may join
multiple VLANs.
• When a VLAN ACL is bound to a VLAN, this VLAN ACL is bound to all
member ports, either tagged or untagged.
• If a port is bound with both a port-based ACL and a VLAN-based ACL,
mask priority depends on which mask was configured first — the port
ACL Mask or the VLAN ACL Mask.
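As an added pre-deployment check covering both the port ACL and VLAN ACL restrictions above (example code, not part of the Ericsson manual or the switch software): a small Python validator that models the stated limits so a planned ACL configuration can be linted before it is pushed to the switch. The Acl data class, the rule dictionary layout and the (port, acl_name, direction) binding tuples are assumptions of this example.

```python
from dataclasses import dataclass
# Limits quoted in the ECN330 restrictions above.
MAX_ACLS, MAX_RULES_PER_ACL, MAX_AVG_RULES_PER_BOUND_PORT = 32, 32, 20

@dataclass
class Acl:
    name: str
    kind: str                      # "ip" or "mac" (assumed representation)
    rules: list                    # each rule: {"action": "permit"|"deny", "src": ..., "dst": ...}
    mask_configured: bool = False  # a mask must exist before the ACL can be bound

def is_explicit_deny_any_any(rule):
    return rule["action"] == "deny" and rule["src"] == "any" and rule["dst"] == "any"
def check_definitions(acls):
    errors = []
    if len(acls) > MAX_ACLS:
        errors.append(f"{len(acls)} ACLs defined, limit is {MAX_ACLS}")
    for acl in acls:
        if len(acl.rules) > MAX_RULES_PER_ACL:
            errors.append(f"ACL {acl.name}: {len(acl.rules)} rules, limit is {MAX_RULES_PER_ACL}")
    return errors

def check_port_bindings(acls, bindings):
    """bindings: (port, acl_name, direction), direction 'in' for ingress or 'out' for egress."""
    by_name = {a.name: a for a in acls}
    errors = []
    for port, name, direction in bindings:
        acl = by_name[name]
        if not acl.mask_configured:
            errors.append(f"port {port}: ACL {name} has no mask, cannot be bound")
        # The switch rejects an egress bind of an IP or MAC ACL that contains 'deny any any'.
        if direction == "out" and any(is_explicit_deny_any_any(r) for r in acl.rules):
            errors.append(f"port {port}: egress bind of {name} would fail (explicit deny any any)")
    ports = {port for port, _, _ in bindings}
    if ports:
        avg = sum(len(by_name[name].rules) for _, name, _ in bindings) / len(ports)
        if avg > MAX_AVG_RULES_PER_BOUND_PORT:
            errors.append(f"average {avg:.1f} rules per bound port exceeds {MAX_AVG_RULES_PER_BOUND_PORT}")
    return errors
def check_vlan_acl(members, vlan_is_static):
    """A VLAN ACL holds at most one IP ACL and one MAC ACL and binds only static VLANs."""
    errors = []
    for kind in ("ip", "mac"):
        n = sum(1 for a in members if a.kind == kind)
        if n > 1:
            errors.append(f"VLAN ACL contains {n} {kind.upper()} ACLs, at most one is allowed")
    if not vlan_is_static:
        errors.append("VLAN ACLs can only be applied to static VLANs")
    return errors
```

An empty list from each checker means the planned configuration does not violate any of the quoted restrictions; the average-rules limit is reported as a warning-class condition because the manual states it as a recommendation rather than a hard rejection.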