API Guide

4. Create the rules for the access-list in ACCESS-LIST mode.
seq 10 deny ip any any count fragment
Apply rules to ACL filter
OS10(config)# interface ethernet 1/1/29
OS10(conf-if-eth1/1/29)# ip access-group egress out
OS10(conf-if-eth1/1/29)# exit
OS10(config)# ip access-list egress
OS10(conf-ipv4-acl)# seq 10 deny ip any any count fragment
View IP ACL filter configuration
OS10# show ip access-lists out
Egress IP access-list abcd
Active on interfaces :
ethernet1/1/29
seq 10 deny ip any any fragment count (100 packets)
VTY ACLs
To limit Telnet and SSH connections to the switch, apply access lists on a virtual terminal line (VTY). See Virtual terminal line
ACLs for more information.
For VTY ACLs, there is no implicit deny rule. If none of the configured conditions match, the default behavior is to permit. If you
need to deny traffic that does not match any of the configured conditions, explicitly configure a deny statement.
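Added example, not part of the original guide: a Python check that flags access lists applied to the VTY line that have no explicit catch-all deny and therefore fall through to the default permit described above. The running-config excerpt is constructed, and the line vty / ip access-class layout it parses, along with the ACL names, is an assumption.

```python
import re

# Constructed running-config excerpt, not from the guide. The "line vty" /
# "ip access-class NAME" layout is an assumption about how a VTY ACL is applied.
SAMPLE_CONFIG = """\
ip access-list mgmt-open
 seq 10 permit ip 172.16.0.0 255.255.0.0 any
 seq 20 deny ip any any count fragment
!
ip access-list mgmt-closed
 seq 10 permit ip 172.16.0.0 255.255.0.0 any
 seq 20 deny ip any any count
!
line vty
 ip access-class mgmt-open
 ipv6 access-class mgmt-v6
"""

def parse_acls(config):
    """Return {acl_name: [rule token lists]} for every IPv4/IPv6 ACL."""
    acls, current = {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):          # top-level line opens or closes a block
            m = re.match(r"(?:ip|ipv6) access-list (\S+)$", raw.strip())
            current = acls.setdefault(m.group(1), []) if m else None
        elif current is not None and raw.split()[:1] == ["seq"]:
            current.append(raw.split()[2:])  # drop the "seq N" prefix
    return acls

def vty_acl_names(config):
    """Return the ACL names applied inside the 'line vty' block."""
    block = re.search(r"^line vty\n((?: .*\n)*)", config, re.M)
    body = block.group(1) if block else ""
    return re.findall(r"^ (?:ip|ipv6) access-class (\S+)$", body, re.M)

def is_catch_all_deny(rule):
    """True for 'deny ip|ipv6 any any' with no qualifier other than 'count'.
    A 'fragment' qualifier matches fragments only, so it does not count."""
    return (rule[:1] == ["deny"] and rule[1:2] in (["ip"], ["ipv6"])
            and rule[2:4] == ["any", "any"] and set(rule[4:]) <= {"count"})

def audit_vty(config):
    """Return {acl_name: problem} for VTY ACLs that fall through to permit."""
    acls, findings = parse_acls(config), {}
    for name in vty_acl_names(config):
        if name not in acls:
            findings[name] = "applied to VTY but not defined"
        elif not any(is_catch_all_deny(r) for r in acls[name]):
            findings[name] = "no explicit deny: unmatched sources are permitted"
    return findings
```

Calling audit_vty(SAMPLE_CONFIG) reports mgmt-open, whose only deny is limited to fragments, and mgmt-v6, which is applied but never defined.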
SNMP ACLs
To filter SNMP requests on the switch, assign access lists to an SNMP community. Both IPv4 and IPv6 access lists are
supported to restrict IP source addresses. See Restrict SNMP access for more information.
Clear access-list counters
Clear IPv4, IPv6, or MAC access-list counters for a specific access-list or all lists. The counter counts the number of packets
that match each permit or deny statement in an access-list. To get a more recent count of packets matching an access-list,
clear the counters to start at zero. If you do not configure an access-list name, all IP access-list counters clear.
To view access-list information, use the show access-lists command.
Clear IPv4 access-list counters in EXEC mode.
clear ip access-list counters access-list-name
Clear IPv6 access-list counters in EXEC mode.
clear ipv6 access-list counters access-list-name
Clear MAC access-list counters in EXEC mode.
clear mac access-list counters access-list-name
IP prefix-lists
IP prefix-lists control the routing policy. An IP prefix-list is a series of sequential filters that contain a matching criterion and a
permit or deny action to process routes. The filters process in sequence so that if a route prefix does not match the criterion in
the first filter, the second filter applies, and so on.