Service Manual

ManualsBrandsDell ManualsserversDell Force10 MXL Blade

171

172

173

174

175

176

177

178

179

180

count for that new interval commences from zero. If ACL logging was stopped previously because the configured

threshold is exceeded, it is re-enabled for this new interval.

If ACL logging is stopped because the configured threshold is exceeded, it is re-enabled after the logging interval

period elapses. ACL logging is supported for standard and extended IPv4 ACLs, IPv6 ACLs, and MAC ACLs. You

can configure ACL logging only on ACLs that are applied to ingress interfaces; you cannot enable logging for ACLs

that are associated with egress interfaces.

You can activate flow-based monitoring for a monitoring session by entering the flow-based enable

command in the Monitor Session mode. When you enable this capability, traffic with particular flows that are

traversing through the ingress and egress interfaces are examined and, appropriate ACLs can be applied in both

the ingress and egress direction. Flow-based monitoring conserves bandwidth by monitoring only specified traffic

instead all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available

for Layer 2 and Layer 3 ingress and egress traffic. You may specify traffic using standard or extended access-lists.

This mechanism copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port.

The source port is the monitored port (MD) and the destination port is the monitoring port (MG).

Related Commands

permit — configures a MAC address filter to pass packets.

seq — configures a MAC address filter with a specified sequence number.

mac access-list standard

To configure a standard MAC ACL, name a new or existing MAC access control list (MAC ACL) and enter MAC ACCESS LIST mode.

Syntax

mac access-list standard mac-list-name

Parameters

mac-list-name Enter a text string as the name of the standard MAC access list (140 character

maximum).

Defaults Not configured.

Command Modes CONFIGURATION

Command History

Version Description

9.9(0.0) Introduced on the FN IOM.

8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.

Usage Information

The Dell operating system supports one ingress and one egress MAC ACL per interface.

The number of entries allowed per ACL is hardware-dependent. For detailed specification about entries allowed

per ACL, refer to your switch documentation.

The switch supports both ingress and egress ACLs.

Example

Dell(conf)#mac-access-list access-list standard TestMAC

Dell(config-std-macl)#permit 00:00:00:00:00:00 00:00:00:00:ff:ff count

Dell(config-std-macl)#deny any count

176 Access Control Lists (ACL)