Foundry NetIron M2404C and M2404F Metro Access Switches
Configuring ACLs (Rev. 03)
Overview
© 2008 Foundry Networks, Inc
• Ports 27 and 28 in slot #1.
• The total number of conditions for a single ACL rule that can be applied to the ports grouped under the same port controller is limited. The limit depends on whether a rate limit is defined, as well as on the patterns used by the ACL rules, as described in Table 3.
  Theoretically, the maximum number of conditions used per ACL is 256. Some features allocate conditions, the exact number of which depends on the hardware and software configuration. However, if a rate limit is defined, the rules described in Table 3 may use up a substantial part of the maximum number of allowed conditions. Since this number is shared by all the ports that belong to a port controller, applying rules that consume a large share of ACL resources on one port may prevent adding rules for the same ACL on this or any other port that is grouped under the same port controller.
• The following table lists the maximum number of conditions (allowed by the hardware) per port group.
Table 2: Resources Used up by Port Groups

Port Group        Maximum Number of Conditions Used
1/1/1-1/1/8       256
1/1/9-1/1/16      256
1/1/17-1/1/24     256
1/1/25            128
1/1/26            128
1/1/27            128
1/1/28            128
Figure 1: Ports Grouped Under Port Controllers
Table 3: Resources Used up by ACL Rules Applied to Interfaces

Rule                                                  Number of Conditions Used
ip access-group without rate-limit or QoS marking     3
mac access-group without rate-limit or QoS marking    1
ip access-group with rate-limit                       4
mac access-group with rate-limit                      2