After a traffic policy is configured on an S series switch, two more ACL rules are occupied based on the display acl resource command output. Why

Packets sent by an S series switch to the CPU for processing and packets for inter-board communication exist on the switch. To prevent these packets from being affected by the traffic policy, the switch delivers two ACL rules before delivering the traffic policy.

