Owner's Manual
Chapter 13. ACLs | 335
NETGEAR 8800 User Manual
• Slice D (F1=anything, F2=anything, F3=anything)
• VRRP - 2 slices, 2 rules
• Slice A (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=packet-type)
• Slice A or B (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=anything)
• IPv6 - 2 slices, 3 rules
• Slice A or B (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=anything)
• Slice (F1=Port-list, F2=DIPv6, IPv6 Next Header Field, TC, F3=anything)
• Netlogin - 1 slice, 1 rule
• Slice A or B (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=anything)
• VLAN Mirroring - 1 slice, n rules (n VLANs)
• Slice E (F1=Port-list, F2=MACDA, MACSA, Etype, VID, F3=anything)
• Unicast Multiport FDB
• 1 slice, 1+n rules in 24 port and 10G4Xa and 10G4Ca cards
• 1 slice, 2+ n rules in 48 port and G48Ta, G48Xa, G48Te, G48Pe cards
• VLAN Aggregation
• 1 slice, 4 rules for the first subvlan configured and 1 slice, 2 rules for subsequent
subvlan configuration
• Private VLAN
• 2 slices, 3 rules when adding an non-isolated VLAN with loop-back port a to private
VLAN
• 1 slice, 3 rules when adding an isolated subscriber VLAN (without loopback port) to a
private VLAN. 3 additional rules when a loopback port is configured in the above
isolated subscriber VLAN
To display the number of slices used by the ACLs on the slices that support a particular port,
use the following command:
show access-list usage acl-slice port <port>
To display the number of rules used by the ACLs on the slices that support a particular port,
use the following command:
show access-list usage acl-rule port <port>
To display the number of Layer 4 ranges used by the ACLs on the slices that support a
particular port, use the following command:
show access-list usage acl-range port <port>
System Configuration Example
The following example shows incremental configurations and their corresponding ACL
resource consumption.
• Default configuration including: dot1p examination and IGMP snooping:
• 2 slices, 10 rules