Configuring Switch Information

Defining IP based ACLs

Access Control Lists (ACLs), which are composed of Access Control Entries (ACEs), allow network managers to define classification actions and rules for specific ingress ports. Packets entering an ingress port with an active ACL are either admitted, or denied entry and the ingress port is disabled. If they are denied entry, the user can disable the port.

For example, a network administrator defines an ACL rule stating that port number 20 can receive TCP packets; if a UDP packet is received, the packet is dropped.

ACLs are composed of access control entries (ACEs), which are made of the filters that determine traffic classifications. Each ACE is a rule, and there are 256 rules available. Rules are not used only for user configuration, however; they are also used for features such as DHCP Snooping, Protocol Group VLAN and PVE, so not all 256 will be available for ACEs. It is expected that you will have at least 124 rules available. If you find that fewer rules are available, this may be due to DHCP Snooping. You can reduce the number of entries in the DHCP Snooping configuration in order to free rules for ACEs.

To define IP based ACLs, click Switch → Network Security → IP Based ACL.

Figure 7-9. Network Security - IP Based ACL
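The shared rule pool and the port 20 example described above can be modeled as follows. This is an added example, not code from the manual or the switch firmware. The class names, the `disable_port` flag, first-match ordering and the per-feature rule counts are assumptions made for illustration.

```python
from dataclasses import dataclass, field

TOTAL_RULES = 256  # size of the rule pool stated in the text


@dataclass(frozen=True)
class ACE:
    protocol: str               # "tcp", "udp" or "any"
    action: str                 # "permit" or "deny"
    disable_port: bool = False  # hypothetical flag: shut the port on a deny match


@dataclass
class Switch:
    reserved: dict = field(default_factory=dict)   # feature name -> rules consumed
    acls: dict = field(default_factory=dict)       # ingress port -> ordered ACEs
    disabled_ports: set = field(default_factory=set)

    def rules_free(self) -> int:
        used = sum(self.reserved.values()) + sum(len(a) for a in self.acls.values())
        return TOTAL_RULES - used

    def add_ace(self, port: int, ace: ACE) -> None:
        # ACEs compete with DHCP Snooping, Protocol Group VLAN and PVE for rules.
        if self.rules_free() < 1:
            raise RuntimeError("rule pool exhausted; reduce another feature's entries")
        self.acls.setdefault(port, []).append(ace)

    def classify(self, port: int, protocol: str) -> str:
        """Return 'permit', 'deny' or 'no-match' for a packet on an ingress port."""
        if port in self.disabled_ports:
            return "deny"
        for ace in self.acls.get(port, []):   # assumption: first matching ACE wins
            if ace.protocol in ("any", protocol):
                if ace.action == "deny" and ace.disable_port:
                    self.disabled_ports.add(port)
                return ace.action
        return "no-match"   # default handling is device-specific and not modeled


def demo() -> Switch:
    # Constructed numbers: other features hold 132 of the 256 rules.
    sw = Switch(reserved={"dhcp_snooping": 100, "protocol_group_vlan": 16, "pve": 16})
    sw.add_ace(20, ACE("tcp", "permit"))   # port 20 can receive TCP packets
    sw.add_ace(20, ACE("udp", "deny"))     # a UDP packet on port 20 is dropped
    return sw
```
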