Manualshelf

Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4820T
211212213214215216217218219220
220 | Access Control Lists (ACL)
www.dell.com | support.dell.com
The C-Series and S-Series cannot count both packets and bytes, so when you enter
the
count byte options, only bytes are incremented.
The
monitor option is relevant in the context of flow-based monitoring only. Refer to
the Port Monitoring chapter.
Related
Commands
permit arp
e
Configure a filter that forwards ARP packets meeting this criteria.This command is
supported only on 12-port GE line cards with SFP optics; refer to your line card
documentation for specifications. \
Syntax
permit arp {destination-mac-address mac-address-mask | any} vlan vlan-id {ip-address |
any | opcode code-number} [count [byte] | log] [order] [monitor] [fragments]
To remove this filter, use one of the following:
Use the
no seq sequence-number command syntax if you know the filters
sequence number or
•Use the
no permit arp {destination-mac-address mac-address-mask | any} vlan vlan-id
{
ip-address | any | opcode code-number} command.
Parameters
Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging
instead.
ip access-list extended Create an extended ACL.
permit tcp Assign a permit filter for TCP packets.
permit udp Assign a permit filter for UDP packets.
destination-mac-address
mac-address-mask
Enter a MAC address and mask in the nn:nn:nn:nn:nn format.
For the MAC address mask, specify which bits in the MAC address
must match.
The MAC ACL supports an inverse mask, therefore, a mask of
ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of
00:00:00:00:00:00 only allows entries that match exactly.
any Enter the keyword any to match and drop any ARP traffic on the
interface.
vlan vlan-id Enter the keyword vlan followed by the VLAN ID to filter traffic
associated with a specific VLAN.
Range: 1 to 4094, 1-2094 for ExaScale (can used IDs 1-4094)
To filter all VLAN traffic specify VLAN 1.
ip-address Enter an IP address in dotted decimal format (A.B.C.D) as the target
IP address of the ARP.
opcode code-number Enter the keyword opcode followed by the number of the ARP
opcode.
Range: 1 to 16.