ACCESS CONTROL LIST COMMANDS 4-113
number. If the TCP protocol is specified, then you can also filter
packets based on the TCP control code.
The following restrictions apply to ACLs:
• Each ACL can have up to 32 rules.
• The maximum number of ACLs is also 88.
• However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20.
• The switch does not support the explicit “deny any any” rule for the egress IP ACL. If such a rule is included in an ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.
The order in which active ACLs are checked is as follows:
1. User-defined rules in the Egress IP ACL for egress ports.
2. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports.
3. If no explicit rule is matched, the implicit default is permit all.
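The restrictions and the implicit permit-all default above can be checked before ACLs are bound. The following is an added example, not part of the switch documentation: the Rule/Acl model, the port names and the lint() function are hypothetical, and it assumes an explicit "deny any any" is accepted in ingress ACLs. The average-rules-per-port limit is not modelled.

```python
from dataclasses import dataclass, field

MAX_RULES_PER_ACL = 32   # limit stated on this page
MAX_ACLS = 88            # limit stated on this page

@dataclass
class Rule:              # hypothetical model, not the switch's CLI syntax
    action: str          # "permit" or "deny"
    src: str             # "any" or an address string
    dst: str             # "any" or an address string

@dataclass
class Acl:
    name: str
    rules: list = field(default_factory=list)

def is_deny_any_any(rule):
    return (rule.action, rule.src, rule.dst) == ("deny", "any", "any")

def lint(acls, bindings):
    """acls: list of Acl; bindings: list of (port, direction, acl_name).
    Returns a list of finding strings, ACL limits first, then per binding."""
    findings = []
    by_name = {a.name: a for a in acls}
    if len(acls) > MAX_ACLS:
        findings.append(f"too many ACLs: {len(acls)} > {MAX_ACLS}")
    for acl in acls:
        if len(acl.rules) > MAX_RULES_PER_ACL:
            findings.append(f"{acl.name}: {len(acl.rules)} rules > {MAX_RULES_PER_ACL}")
    for port, direction, name in bindings:
        acl = by_name.get(name)
        if acl is None:
            findings.append(f"{port}: binds undefined ACL {name}")
            continue
        has_deny_all = any(is_deny_any_any(r) for r in acl.rules)
        if direction == "egress" and has_deny_all:
            # The page states this bind operation fails on the switch.
            findings.append(f"{port}: egress bind of {name} will fail (deny any any)")
        if direction == "ingress" and not has_deny_all:
            # Implicit default is permit all, so the ACL fails open.
            findings.append(f"{port}: {name} has no deny any any; unmatched traffic is permitted")
    return findings

if __name__ == "__main__":
    # Constructed sample data for illustration only.
    acls = [Acl("mgmt-in", [Rule("permit", "10.0.0.0/24", "any")]),
            Acl("out", [Rule("permit", "any", "any"), Rule("deny", "any", "any")])]
    for f in lint(acls, [("port1", "ingress", "mgmt-in"), ("port2", "egress", "out")]):
        print(f)
```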
Table 4-33 Access Control List Commands
Command Group | Function | Page
IP ACLs | Configure ACLs based on IP addresses, TCP/UDP port number, protocol type, and TCP control code | 4-114
ACL Information | Display ACLs and associated rules; shows ACLs assigned to each port | 4-122