Administrator Guide

Ingress and egress hot lock ACLs allow you to append or delete new rules into an existing ACL (already

Implementing ACL on the Dell

Networking OS

You can assign one IP ACL per interface with the Dell Networking OS. If you do not assign an IP ACL to an

interface, it is not used by the software in any other capacity.

The number of entries allowed per ACL is hardware-dependent. For detailed specification on entries allowed

per ACL, refer to your line card documentation.

If you enable counters on IP ACL rules that are already configured, those counters are reset when a new rule

is inserted or prepended. If a rule is appended, the existing counters are not affected. This is applicable to the

following features:

ACLs and VLANs

There are some differences when assigning ACLs to a VLAN rather than a physical port.

For example, when using a single port-pipe, if you apply an ACL to a VLAN, one copy of the ACL entries is

installed in the ACL CAM on the port-pipe. The entry looks for the incoming VLAN in the packet. Whereas if

you apply an ACL on individual ports of a VLAN, separate copies of the ACL entries are installed for each port

belonging to a port-pipe.

ACL Optimization

If an access list contains duplicate entries, the system deletes one entry to conserve CAM space.

Standard and extended ACLs take up the same amount of CAM space. A single ACL rule uses two CAM entries

whether it is identified as a standard or extended ACL.