D-Link DES-3800 Series Switch User Manual


 
xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch
Section 10
ACL
Access Profile Table
Flow Metering Table
CPU Interface Filtering
Access profiles allow you to establish criteria that determine whether or not the Switch will forward packets, based on the
information contained in each packet's header. These criteria can be specified on the basis of Packet Content, MAC address, or IP
address.
Due to a chipset limitation, the Switch supports a maximum of 9 access profiles. The rules used to define the access profiles are
limited to a total of 800 rules for the Switch.
There is an additional limitation on how the rules are distributed among the Fast Ethernet and Gigabit Ethernet ports. This
limitation is described as follows: Fast Ethernet ports are limited to 200 rules for each of the three sequential groups of eight ports.
That is, 200 ACL profile rules may be configured for ports 1 to 8. Likewise, 200 rules may be configured for ports 9 to 16, and
another 200 rules for ports 17 to 24. Up to 100 rules may be configured for each Gigabit Ethernet port. The table below provides a
summary of the maximum ACL profile rule limits.
DES-3828/DES-3828DC/DES-3828P

Port Numbers     Maximum ACL Profile Rules per Port Group
1 - 8            200
9 - 16           200
17 - 24          200
25 (Gigabit)     100
26 (Gigabit)     100
27 (Gigabit)     100
28 (Gigabit)     100
Total Rules      800

DES-3852

Port Numbers     Maximum ACL Profile Rules per Port Group
1 - 8            200
9 - 16           200
17 - 24          200
25 - 32          200
33 - 40          200
41 - 48          200
49 (Gigabit)     100
50 (Gigabit)     100
51 (Gigabit)     100
52 (Gigabit)     100
Total Rules      800

It is important to keep this in mind when setting up VLANs as well. Access rules applied to a VLAN require that a rule be created
for each port in the VLAN. For example, suppose VLAN10 contains ports 2, 11 and 12. If users create an access profile
specifically for VLAN10, they must create a separate rule for each port. Now take the rule limit into account. The rule limit
applies to both port groups 1-8 and 9-16, since VLAN10 spans these groups. One fewer rule is available for port group 1-8, and two
fewer rules are available for port group 9-16. In addition, a total of three rules count against the 800-rule Switch limit.
In the example used above (config access_profile profile_id 1 add access_id 1 ip source_ip 10.42.73.1 port 7 deny), a single
access rule was created. This rule subtracts one rule from those available for port group 1-8, as well as one rule from the total
available rules.
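
The rule accounting described in this section, as an added example (not from the D-Link manual): a Python check that a planned set of ACL entries fits the per-port-group, per-Gigabit-port and 800-rule limits before it is configured. It assumes each entry costs one rule per port it is applied to; the function names and the plan format are illustrative, and "DES-3828" stands for the DES-3828/DES-3828DC/DES-3828P models.

```python
from collections import Counter

TOTAL_LIMIT = 800      # rules for the whole Switch
FE_GROUP_LIMIT = 200   # rules per group of eight Fast Ethernet ports
GE_PORT_LIMIT = 100    # rules per Gigabit Ethernet port
# Fast Ethernet port count per model; the Gigabit ports are the next four.
FE_PORTS = {"DES-3828": 24, "DES-3852": 48}


def bucket(model, port):
    """Return (label, limit) for the rule budget that `port` draws from."""
    fe = FE_PORTS[model]
    if 1 <= port <= fe:
        first = (port - 1) // 8 * 8 + 1   # first port of the group of eight
        return f"{first}-{first + 7}", FE_GROUP_LIMIT
    if fe < port <= fe + 4:
        return f"{port} (Gigabit)", GE_PORT_LIMIT
    raise ValueError(f"port {port} does not exist on {model}")


def rule_usage(model, plan):
    """plan: list of (member_ports, entries); one rule per entry per port.

    Returns {budget label: (rules needed, limit)}.
    """
    used = Counter()
    for ports, entries in plan:
        for port in ports:
            used[bucket(model, port)] += entries
    return {label: (count, limit) for (label, limit), count in used.items()}


def over_budget(model, plan):
    """Return the budgets the plan exceeds, as {label: (needed, limit)}."""
    usage = rule_usage(model, plan)
    over = {k: v for k, v in usage.items() if v[0] > v[1]}
    total = sum(count for count, _ in usage.values())
    if total > TOTAL_LIMIT:
        over["total"] = (total, TOTAL_LIMIT)
    return over


if __name__ == "__main__":
    # Constructed plans: VLAN10 from the text, plus a 30-entry ACL on ports 9-16.
    vlan10 = ([2, 11, 12], 1)
    print(rule_usage("DES-3828", [vlan10]))
    print(over_budget("DES-3828", [vlan10, (range(9, 17), 30)]))
```

The second plan fits the 800-rule total but exceeds the 200-rule budget of port group 9-16, which is the case the per-group limit makes easy to miss.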