Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S6000 ON

181

182

183

184

185

186

187

188

189

190

Example

Dell# show ip accounting access-list L3-ACL vrf vrf3

Standard Ingress IP access list L3-ACL on vrf3

Total cam count 3

seq 5 permit 10.1.2.0/24 any negotiate 150 monitor 300 count (0 packets)

seq 10 permit 20.1.2.0/24

seq 15 permit 30.1.2.0/24

Dell#

Standard IP ACL Commands

When you create an ACL without any rule and then apply it to an interface, the ACL behavior reects an implicit permit.

The platform supports both Ingress and Egress IP ACLs.

NOTE: Also refer to the Commands Common to all ACL Types and Common IP ACL Commands sections.

deny

To drop packets with a certain IP address, congure a lter.

Syntax

deny {source | any | host {ip-address}} [count [bytes] | log] [dscp value] [ecn

value] [fragments] [monitor [session-ID]] [no-drop] [order]

To remove this lter, you have two choices:

• Use the no seq sequence-number command if you know the lter’s sequence number.

•

Use the no deny {source [mask] | any | host ip-address} command.

Parameters

source Enter the IP address in dotted decimal format of the network from which the packet was

sent.

any Enter the keyword any to specify that all routes are subject to the lter.

host ip-address Enter the keyword host and then enter the IP address to specify a host IP address only.

count (OPTIONAL) Enter the keyword count to count the packets.

bytes (OPTIONAL) Enter the keyword bytes to count the bytes.

log (OPTIONAL) Enter the keyword log to enter ACL matches in the log.

dscp (OPTIONAL) Enter the keyword dcsp to match the IP DSCP values. The range is from 0

to 63.

ecn (OPTIONAL) Enter the keyword ecn to match the ECN bits. The range is from 0 to 3.

order (OPTIONAL) Enter the keyword order to specify the QoS order for the ACL entry. The

range is from 0 to 254 (where 0 is the highest priority and 254 is the lowest; lower-order

numbers have higher priority). If you do not use the keyword order, the ACLs have the

lowest order by default (255).

monitor (OPTIONAL) Enter the keyword monitor then the session–ID to describe the trac

that you want to monitor and the ACL in which you are creating the rule is applied to the

monitored interface. The session–ID range is from 0 to 65535.

188 Access Control Lists (ACL)