Administrator Guide
Topics:
• IP Access Control Lists (ACLs)
• Important Points to Remember
• IP Fragment Handling
• Configure a Standard IP ACL
• Configure an Extended IP ACL
• Configure Layer 2 and Layer 3 ACLs
• Assign an IP ACL to an Interface
• Applying an IP ACL
• Configure Ingress ACLs
• Configure Egress ACLs
• IP Prefix Lists
• ACL Resequencing
• Route Maps
• Logging of ACL Processes
• Flow-Based Monitoring Support for ACLs
• Configuring UDF ACL
• Configuring IP Mirror Access Group
IP Access Control Lists (ACLs)
In Dell Networking switch/routers, you can create two different types of IP ACLs: standard or extended.
A standard ACL filters packets based on the source IP packet. An extended ACL filters traffic based on the following criteria:
• IP protocol number
• Source IP address
• Destination IP address
• Source TCP port number
• Destination TCP port number
• Source UDP port number
• Destination UDP port number
For more information about ACL options, refer to the Dell Networking OS Command Reference Guide.
For extended ACL, TCP, and UDP filters, you can match criteria on specific or ranges of TCP or UDP ports. For extended ACL TCP filters,
you can also match criteria on established TCP sessions.
When creating an access list, the sequence of the filters is important. You have a choice of assigning sequence numbers to the filters as
you enter them, or the Dell Networking Operating System (OS) assigns numbers in the order the filters are created. The sequence
numbers are listed in the display output of the show config and show ip accounting access-list commands.
Ingress and egress Hot Lock ACLs allow you to append or delete new rules into an existing ACL (already written into CAM) without
disrupting traffic flow. Existing entries in the CAM are shuffled to accommodate the new entries. Hot lock ACLs are enabled by default and
support both standard and extended ACLs and on all platforms.
NOTE
: Hot lock ACLs are supported for Ingress ACLs only.
Access Control Lists (ACLs) 111