Reference Guide
Access Control Lists (ACLs) | 121
!
ip access-list extended dilling
 seq 5 permit tcp 12.1.0.0 0.0.255.255 any
 seq 15 deny ip host 112.45.0.0 any log
FTOS(config-ext-nacl)#
Configure filters without sequence number
If you are creating an extended ACL with only one or two filters, you can let FTOS assign a sequence 
number based on the order in which the filters are configured. FTOS assigns filters in multiples of 5. 
To configure a filter for an extended IP ACL without a specified sequence number, use any or all of the 
following commands in the IP ACCESS LIST mode:
When you use the log keyword, the CP processor logs details about the packets that match. Depending on how
many packets match the log entry and at what rate, the CP may become busy as it has to log these packets'
details.
The following example illustrates an extended IP ACL in which the sequence numbers were assigned by
the software. The filters were assigned sequence numbers based on the order in which they were
configured (for example, the first filter was given the lowest sequence number). The show config
command in the IP ACCESS LIST mode displays the two filters with the sequence numbers 5 and 10.
FTOS(config-ext-nacl)#deny tcp host 123.55.34.0 any
FTOS(config-ext-nacl)#permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0
FTOS(config-ext-nacl)#show config
!
ip access-list extended nimule
 seq 5 deny tcp host 123.55.34.0 any
 seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.0
FTOS(config-ext-nacl)#
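The following Python sketch is an added example, not FTOS code or part of the original guide. It models what the session above shows, so a typed filter list can be reviewed before it is applied: filters are numbered in steps of 5, and an address typed with host bits under the wildcard mask is displayed (and matched) as the whole masked range. It assumes the ACL starts empty and that every filter has a source and a destination; the names sequence, TYPED and SEQ_STEP are hypothetical.

```python
import ipaddress

SEQ_STEP = 5  # per the page: FTOS numbers unsequenced filters in multiples of 5
PROTOCOLS = {"ip", "tcp", "udp"}

def _take_addr(tokens, notes):
    """Consume one address spec (any | host A | A WILDCARD); return its display form."""
    first = tokens.pop(0)
    if first == "any":
        return "any"
    if first == "host":
        return "host " + tokens.pop(0)
    wild_text = tokens.pop(0)
    addr = int(ipaddress.IPv4Address(first))
    wild = int(ipaddress.IPv4Address(wild_text))
    # Wildcard bits set to 1 are ignored, so clear them to get the range actually matched.
    base = ipaddress.IPv4Address(addr & ~wild & 0xFFFFFFFF)
    if int(base) != addr:
        notes.append(f"{first} {wild_text} matches all of {base} {wild_text}")
    return f"{base} {wild_text}"

def sequence(filters):
    """Return (show-config style lines, review notes) for filters typed in order."""
    lines, notes = [], []
    for index, text in enumerate(filters, start=1):
        seq = index * SEQ_STEP
        tokens = text.split()
        head = [tokens.pop(0)]                  # deny | permit
        if tokens[0] in PROTOCOLS:
            head.append(tokens.pop(0))
        entry_notes = []
        src = _take_addr(tokens, entry_notes)
        dst = _take_addr(tokens, entry_notes)
        if "log" in tokens:
            entry_notes.append("log keyword: matching packets are logged by the CP")
        lines.append(" ".join([f" seq {seq}", *head, src, dst, *tokens]))
        notes += [f"seq {seq}: {n}" for n in entry_notes]
    return lines, notes

# Filters exactly as typed in the nimule example above.
TYPED = [
    "deny tcp host 123.55.34.0 any",
    "permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0",
]

if __name__ == "__main__":
    shown, review = sequence(TYPED)
    print("\n".join(shown + review))
```

The review note for seq 10 is the point to check: the permit was typed with a single address but covers every source in 154.44.0.0 0.0.255.255.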
Command Syntax: {deny | permit} {source mask | any | host ip-address} [count [byte] | log] [order] [monitor] [fragments]
Command Mode: CONFIG-EXT-NACL
Purpose: Configure a deny or permit filter to examine IP packets.
• log and monitor options are supported on E-Series only.

Command Syntax: {deny | permit} tcp {source mask | any | host ip-address} [count [byte] | log] [order] [monitor] [fragments]
Command Mode: CONFIG-EXT-NACL
Purpose: Configure a deny or permit filter to examine TCP packets.
• log and monitor options are supported on E-Series only.

Command Syntax: {deny | permit} udp {source mask | any | host ip-address} [count [byte] | log] [order] [monitor] [fragments]
Command Mode: CONFIG-EXT-NACL
Purpose: Configure a deny or permit filter to examine UDP packets.
• log and monitor options are supported on E-Series only.










