Concept Guide

seq 35 permit tcp any range www 194 any eq 101
seq 40 permit udp any eq 434 any gt mobile-ip
seq 45 deny udp any eq 53 any lt ntp
Congure Filters, ICMP Packets
To create a lter for ICMP packets with a specied sequence number, use the following commands.
1 Create either an extended IPv4 or IPv6 ACL and assign it a unique name.
CONFIGURATION mode
ip access-list extended access-list-name
ipv6 access-list extended access-list-name
2 Congure an extended IP ACL lter for ICMP packets.
CONFIG-EXT-NACL mode
seq sequence-number {deny | permit} icmp {source mask | any | host ip-address} [count [byte]] [order] [monitor [session-id]] [fragments]
The ICMP packets cannot be filtered using mirroring ACL.
The following example shows the configuration to filter ICMP packets using IPv4 ACL:
DellEMC(config-ext-nacl)#show config
!
ip access-list extended icmp
seq 5 permit icmp any any echo count
seq 10 permit icmp any any echo-reply count
seq 15 permit icmp any any host-unreachable count
seq 20 permit icmp any any host-unknown count
seq 25 permit icmp any any network-unknown count
seq 30 permit icmp any any net-unreachable count
seq 35 permit icmp any any packet-too-big count
seq 40 permit icmp any any parameter-problem count
seq 45 permit icmp any any port-unreachable count
seq 50 permit icmp any any source-quench count
seq 55 permit icmp any any time-exceeded count
DellEMC(config-ext-nacl)#show ip accounting access-list
!
Extended Ingress IP access list icmp on TenGigabitEthernet 1/1/1
Total cam count 11
seq 5 permit icmp any any echo count (50 packets)
seq 10 permit icmp any any echo-reply count (50 packets)
seq 15 permit icmp any any host-unreachable count (50 packets)
seq 20 permit icmp any any host-unknown count (50 packets)
seq 25 permit icmp any any network-unknown count (50 packets)
seq 30 permit icmp any any net-unreachable count (50 packets)
seq 35 permit icmp any any packet-too-big count (50 packets)
seq 40 permit icmp any any parameter-problem count (50 packets)
seq 45 permit icmp any any port-unreachable count (50 packets)
seq 50 permit icmp any any source-quench count (50 packets)
seq 55 permit icmp any any time-exceeded count (50 packets)
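Added example (not part of the original guide): a Python sketch that reads the two outputs above and lists ICMP rules configured without the count keyword, counted rules that never matched, and deny rules that did match. The sample text, the function names and the finding labels are assumptions made for the example; only packet counters are handled.

```python
import re

# Constructed samples in the format of the two outputs above; the rules and
# packet counts are made up. How a rule without `count` is displayed by
# `show ip accounting access-list` is an assumption (seq 15 below).
CONFIG = """\
ip access-list extended icmp
seq 5 permit icmp any any echo count
seq 10 permit icmp any any echo-reply count
seq 15 permit icmp any any time-exceeded
seq 20 deny icmp any any source-quench count
"""
ACCOUNTING = """\
Extended Ingress IP access list icmp on TenGigabitEthernet 1/1/1
Total cam count 4
seq 5 permit icmp any any echo count (50 packets)
seq 10 permit icmp any any echo-reply count (0 packets)
seq 15 permit icmp any any time-exceeded
seq 20 deny icmp any any source-quench count (7 packets)
"""

CFG_RULE = re.compile(r"^[ \t]*seq (\d+) (permit|deny) icmp (.+?)( count)?$", re.M)
ACC_RULE = re.compile(r"^[ \t]*seq (\d+) .+ count \((\d+) packets\)$", re.M)

def parse_config(text):
    """Return {seq: (action, match, counted)} for each ICMP rule in the ACL."""
    return {int(m[1]): (m[2], m[3], m[4] is not None)
            for m in CFG_RULE.finditer(text)}

def parse_accounting(text):
    """Return {seq: packets} for each rule line that carries a counter."""
    return {int(m[1]): int(m[2]) for m in ACC_RULE.finditer(text)}

def review(config, accounting):
    """List rules with no counter, counted rules never hit, and deny hits."""
    findings = []
    for seq, (action, match, counted) in sorted(config.items()):
        hits = accounting.get(seq)
        if not counted:
            findings.append((seq, "no-counter", match))   # no visibility
        elif not hits:
            findings.append((seq, "never-hit", match))    # candidate to tighten
        elif action == "deny":
            findings.append((seq, "denied", hits))        # dropped traffic seen
    return findings

if __name__ == "__main__":
    for finding in review(parse_config(CONFIG), parse_accounting(ACCOUNTING)):
        print(finding)
```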
The following example shows the conguration to lter ICMPv6 packets using IPv6 ACL:
DellEMC(config-ext-nacl)#show config
!
ipv6 access-list extended icmp
seq 5 permit icmp any any echo count
seq 10 permit icmp any any echo-reply count
seq 15 permit icmp any any nd-ns count
seq 20 permit icmp any any nd-na count
Access Control Lists (ACLs)