BigIron RX Series Configuration Guide
53-1001986-01

Standard or extended ACLs can be numbered or named. Standard ACLs are numbered from 1 – 99, extended ACLs are numbered 100 – 199. Super ACLs may be assigned numbered IDs only, from 500 - 599. IDs for standard or extended ACLs can also be a character string (named). In this document, an ACL with a string ID is called a named ACL.

ACL IDs and entries

ACLs consist of ACL IDs and ACL entries:

• ACL ID – An ACL ID is a number from 1 – 99 (standard), 100 – 199 (extended) or 500 – 599 (super) or a character string (super ACLs are numbered only). The ACL ID identifies a collection of individual ACL entries. When you apply ACL entries to an interface, you do so by applying the ACL ID that contains the ACL entries to the interface, instead of applying the individual entries to the interface. This makes it easier to apply large groups of access filters (ACL entries) to interfaces.

NOTE
This process differs from the process of assigning IP access policies. When you use IP access policies, you apply the individual policies directly to the interfaces.

• ACL entry – An ACL entry contains the filter commands associated with an ACL ID. These are also called “statements.” The maximum number of ACL entries you can configure is a system-wide parameter and depends on the BigIron RX you are configuring. You can configure up to the maximum number of entries in any combination in different ACLs. The total number of entries in all ACLs cannot exceed the system maximum.

You configure ACLs on a global basis, then apply them to the incoming traffic on specific ports. You can apply only one ACL to a port’s inbound traffic. The software applies the entries within an ACL in the order they appear in the ACL’s configuration. As soon as a match is found, the software takes the action specified in the ACL entry (for example, permit or deny the packet) and stops further comparison for that packet.

Enabling support for additional ACL statements

You can enable support for additional ACL statements if the BigIron RX has enough space for a startup-config file that contains the ACLs. Enter the following command at the Global CONFIG level of the CLI.

BigIron RX(config)# system-max ip-filter-sys 5000

Syntax: [no] system-max ip-filter-sys

Enter up to 8000 for . The default is 4000 statements.

You can load ACLs dynamically by saving them in an external configuration file on a flash card or a TFTP server, then loading them using one of the following commands:

• copy slot1 | slot2 running
• ncopy slot1 | slot2 running
• copy tftp running-config
• ncopy tftp running-config

In this case, the ACLs are added to the existing configuration.
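
The first-match rule and the system-wide entry limit described above can be checked offline before an ACL is loaded. The following Python sketch is an added example, not code from the guide or from the device software. It models a simplified standard ACL as (action, source network) pairs, which is an assumed representation and not the CLI syntax, and its function names and sample ACL are constructed for illustration.

```python
import ipaddress

def first_match(entries, src_ip):
    """Return (index, action) of the first entry that matches src_ip.

    Entries are compared in configuration order and comparison stops at
    the first match. This section does not say what happens when no entry
    matches, so None is returned instead of assuming a default action.
    """
    addr = ipaddress.ip_address(src_ip)
    for i, (action, network) in enumerate(entries):
        if addr in ipaddress.ip_network(network):
            return i, action
    return None

def shadowed_entries(entries):
    """Indexes of entries that can never match a packet, because an
    earlier entry already covers their entire source range."""
    nets = [ipaddress.ip_network(n) for _, n in entries]
    return [i for i, net in enumerate(nets)
            if any(net.subnet_of(prev) for prev in nets[:i])]

def within_system_max(acls, system_max=4000):
    """True if the entries of all ACLs together fit the system-wide limit.

    4000 is the default stated in the text; system-max ip-filter-sys can
    raise it to at most 8000.
    """
    return sum(len(entries) for entries in acls.values()) <= system_max

# Constructed sample ACL (source address only). The deny for 10.1.5.0/24
# was probably meant as an exception, but it sits after the broader permit.
SAMPLE_ACL = [
    ("permit", "10.1.0.0/16"),
    ("deny",   "10.1.5.0/24"),
    ("deny",   "192.0.2.0/24"),
]

if __name__ == "__main__":
    print(first_match(SAMPLE_ACL, "10.1.5.7"))      # entry 0 wins, not the deny
    print(shadowed_entries(SAMPLE_ACL))             # the unreachable entry
    print(within_system_max({"10": SAMPLE_ACL}))
```

A shadowed deny entry like the one in the sample is a common cause of an ACL that permits more than intended; moving the narrower entry ahead of the broader one restores the intended result.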