User guide
ExtremeWare Software User Guide 16-5
Using IP Access Lists

Maximum Entries
A maximum of 255 entries with an assigned precedence can be used. In addition to the
255 entries, entries that do not use precedence can also be created, with the following
restrictions:
• A source IP address must use wildcards or be completely specified (32-bit mask).
• The layer 4 source and destination ports must use wildcards or be completely specified (no ranges).
• No physical source port can be specified.
• Access list rules that apply to all physical ports are implemented on all BlackDiamond I/O modules.
On a BlackDiamond 6808 switch the maximum number of access list entries is 255
entries per I/O module. One way to economize on the number of entries on a
BlackDiamond switch is to provide a physical ingress port as a component of an access
list rule. In this case, the rule is implemented only on the I/O modules that contain the
specified ports. By restricting rules to specific I/O modules, you can extend the number
of access list rules to 2,040 (255 * 8).
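
The per-module accounting and the no-precedence restrictions described above, as an added example that is not taken from the ExtremeWare guide. The `Rule` model, the "slot:port" strings, the port tuples and the choice to count only precedence entries against the 255 budget are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

MAX_PER_MODULE = 255      # per-I/O-module limit from the guide
SLOTS = range(1, 9)       # BlackDiamond 6808: 8 I/O modules (255 * 8 = 2,040)
ANY = (0, 65535)          # assumed encoding of a wildcard layer 4 port

@dataclass
class Rule:               # hypothetical model, not ExtremeWare CLI syntax
    name: str
    precedence: Optional[int] = None
    src_mask: int = 0     # 0 = wildcard, 32 = completely specified
    src_port: tuple = ANY # (low, high); low == high is a single port
    dst_port: tuple = ANY
    ingress: tuple = ()   # physical ingress ports, assumed "slot:port" strings

def restriction_errors(rule):
    """Violations of the guide's restrictions on entries without precedence."""
    if rule.precedence is not None:
        return []
    errs = []
    if rule.src_mask not in (0, 32):
        errs.append("source IP must be a wildcard or a 32-bit mask")
    if any(p != ANY and p[0] != p[1] for p in (rule.src_port, rule.dst_port)):
        errs.append("layer 4 ports must be wildcards or single ports")
    if rule.ingress:
        errs.append("no physical source port can be specified")
    return errs

def module_usage(rules):
    """Precedence entries consumed on each I/O module slot."""
    used = Counter({slot: 0 for slot in SLOTS})
    for r in rules:
        if r.precedence is None:
            continue      # assumption: these sit outside the 255 budget
        # A rule with no ingress port lands on every module.
        slots = {int(p.split(":")[0]) for p in r.ingress} or set(SLOTS)
        used.update(slots)
    return used

def over_limit(rules):
    """Slots whose precedence entries exceed the per-module limit."""
    return sorted(s for s, n in module_usage(rules).items() if n > MAX_PER_MODULE)

def sample_rules():       # constructed sample: 360 rules, more than 255 in total
    plan = [("1:1",)] * 200 + [("2:1",)] * 100 + [()] * 60
    return [Rule(f"r{i}", precedence=i, ingress=ing) for i, ing in enumerate(plan, 1)]
```

With the constructed sample, 360 rules fit on the switch except on slot 1, where 200 port-scoped rules plus the 60 all-port rules exceed 255.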

Access Lists for ICMP
Access lists for ICMP traffic are handled slightly differently. An access list for
ICMP is effective only for traffic routed by the switch. ICMP traffic can be either
forwarded (routed) by the switch or discarded, but an ICMP access list cannot contain
options for assigning a QoS profile. The other configuration options for filtering
ICMP are:
• IP source and destination address and mask
• ICMP type code
• Physical source port (optional)
• Numbered precedence (optional)