Force10 Networks S2410s Switch User Manual

SFTOS Command Reference for the S2410, Version 2.4.1.0 287
Chapter 18 ACL Commands
Note: SFTOS 2.4.1 does not support IP-based ACL commands.
This chapter covers the following commands:
{deny|permit} on page 288
mac access-list extended on page 290
mac access-list extended rename on page 291
mac access-group on page 292
show mac access-lists on page 292
An Access Control List (ACL) ensures that only authorized users and types of traffic have access to specific resources, while blocking unwarranted attempts to reach network resources.
The following conditions pertain to ACLs in SFTOS:
Maximum of 1064 ACLs, each with a maximum of 64 rules.
ACL configuration for IP packet fragments is not supported.
The maximum number of rules per ACL translates into the number of hardware classifier entries used when an ACL is attached to an interface. Increasing these values in the SFTOS software increases the RAM and NVSTORE usage.
Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet mask. With a subnet mask, the mask has ones (1's) in the bit positions that are used for the network address, and zeros (0's) in the bit positions that are not used. In contrast, a wildcard mask has zeros (0's) in the bit positions that must be checked; a one (1) in a bit position of the ACL mask indicates that the corresponding bit can be ignored.
For details on using ACL commands, see the Access Control chapter in the SFTOS Configuration Guide. ACLs factor into quality of service. For more on quality of service (QoS), see Quality of Service (QoS) Commands on page 275.
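The wildcard-mask semantics described above (a 0 bit in the mask means "this bit must match", a 1 bit means "ignore this bit") are easy to get backwards when writing rules. The following Python model is an added example written for this page; it is not SFTOS code and not taken from the manual. It evaluates a small MAC ACL in the spirit of the {deny|permit} command, and also inverts an IPv4 subnet mask into the equivalent wildcard mask purely to illustrate the "inverse of a subnet mask" statement (SFTOS 2.4.1 itself has no IP ACL commands, per the note above). The rule field names, the first-match ordering, the trailing implicit deny and all sample addresses are assumptions constructed for the example.

```python
"""Added example: model of ACL wildcard-mask matching (not SFTOS code).

Assumptions, not statements from the manual:
  * rules are evaluated top to bottom and the first match decides;
  * a list that matches nothing ends in an implicit deny;
  * all MAC addresses and masks below are constructed sample values.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAC_BITS = 48
IPV4_BITS = 32


def mac_to_int(mac: str) -> int:
    """'00:10:c0:12:34:56' (colon or dash separated) -> 48-bit integer."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int("".join(f"{int(p, 16):02x}" for p in parts), 16)


def ipv4_to_int(addr: str) -> int:
    """'10.1.2.3' -> 32-bit integer, rejecting malformed octets."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr!r}")
    return int.from_bytes(bytes(octets), "big")


def int_to_ipv4(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def wildcard_from_subnet_mask(subnet_mask: str) -> str:
    """Invert a subnet mask into the equivalent wildcard mask.

    255.255.255.0 (ones on the network bits) becomes 0.0.0.255
    (ones on the host bits, which the ACL then ignores)."""
    return int_to_ipv4(~ipv4_to_int(subnet_mask) & (2**IPV4_BITS - 1))


def wildcard_match(value: int, pattern: int, wildcard: int, width: int) -> bool:
    """True when value and pattern agree on every bit whose wildcard bit is 0.

    Bits whose wildcard bit is 1 are masked out of the comparison entirely."""
    care = ~wildcard & (2**width - 1)       # 1 = compare this bit, 0 = ignore
    return (value ^ pattern) & care == 0


@dataclass(frozen=True)
class MacRule:
    """One rule: action keyword as in {deny|permit}, then src/dst MAC + wildcard mask."""
    action: str                               # "permit" or "deny"
    src: str                                  # MAC address or "any"
    src_mask: str = "00:00:00:00:00:00"       # all-zero mask = exact host match
    dst: str = "any"
    dst_mask: str = "00:00:00:00:00:00"


def _field_matches(addr: str, pattern: str, mask: str) -> bool:
    if pattern == "any":
        return True
    return wildcard_match(mac_to_int(addr), mac_to_int(pattern),
                          mac_to_int(mask), MAC_BITS)


def evaluate(rules: List[MacRule], src_mac: str,
             dst_mac: str) -> Tuple[str, Optional[int]]:
    """Return (action, 1-based index of the matching rule); None index = implicit deny."""
    for idx, rule in enumerate(rules, start=1):
        if (_field_matches(src_mac, rule.src, rule.src_mask)
                and _field_matches(dst_mac, rule.dst, rule.dst_mask)):
            return rule.action, idx
    return "deny", None                       # assumed implicit deny at end of list


# Constructed sample list: block one host, then permit the rest of its OUI
# (mask 00:00:00:ff:ff:ff ignores the low 24 bits, so only the OUI is checked).
SAMPLE_RULES = [
    MacRule("deny", "00:10:c0:12:34:56"),
    MacRule("permit", "00:10:c0:00:00:00", "00:00:00:ff:ff:ff"),
]

if __name__ == "__main__":
    for src in ("00:10:c0:12:34:56", "00:10:c0:aa:bb:cc", "00:50:56:00:00:01"):
        print(src, "->", evaluate(SAMPLE_RULES, src, "ff:ff:ff:ff:ff:ff"))
    print("255.255.240.0 ->", wildcard_from_subnet_mask("255.255.240.0"))
```

Two points the run makes visible: the order of the two rules matters, since swapping them would let the OUI permit shadow the host deny, and a mask of all zeros (not all ones) is what pins a rule to a single address under wildcard semantics.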