Users Guide

Usage Information

At a maximum, there can be only 32 VLAN members in all ACL VLAN groups. A VLAN

can belong to only one group at any given time.

You can create an ACL VLAN group and attach the ACL with the VLAN members. The

optimization is applicable only when you create an ACL VLAN group. If you apply an

ACL separately on the VLAN interface, each ACL has a mapping with the VLAN and

increased CAM space utilization occurs.

Attaching an ACL individually to VLAN interfaces is similar to the behavior of ACL-VLAN

mapping storage in CAM prior to the implementation of the ACL VLAN group

functionality.

ip access-group

Apply an egress IP ACL to the ACL VLAN group.

Syntax

ip access-group {group name} out implicit-permit

Parameters

group-name Enter the name of the ACL VLAN group where you want the

egress IP ACLs applied, up to 140 characters.

out Enter the keyword out to apply the ACL to outgoing traffic.

implicit-permit

Enter the keyword implicit-permit to change the default

action of the ACL from implicit-deny to implicit-permit (that is, if

the traffic does not match the filters in the ACL, the traffic is

permitted instead of dropped).

Default None

Command Modes CONFIGURATION (conf-acl-vl-grp)

Command History

This guide is platform-specific. For command information about other platforms, see

the relevant Dell Networking OS Command Line Reference Guide.

Version Description

9.10(0.1) Introduced on the S6010-ON and S4048T-ON.

9.8(0.0P5) Introduced on the S4048-ON.

9.8(0.0P2) Introduced on the S3048-ON.

9.3.(0.0) Introduced on the S4810, S4820T, and Z9000 platforms.

Usage Information You can apply only an egress IP ACL on an ACL VLAN group.

Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) 404