DellEMC# resequence access-list ipv4 test 2 2
DellEMC# show running-config acl
!
ip access-list extended test
remark 2 XYZ
remark 4 this remark corresponds to permit any host 1.1.1.1
seq 4 permit ip any host 1.1.1.1
remark 6 this remark has no corresponding rule
remark 8 this remark corresponds to permit ip any host 1.1.1.2
seq 8 permit ip any host 1.1.1.2
seq 10 permit ip any host 1.1.1.3
seq 12 permit ip any host 1.1.1.4
Route Maps
Although route maps are similar to ACLs and prefix lists in that they consist of a series of commands that contain a matching criterion and
an action, route maps can modify parameters in matching packets.
Implementation Information
ACLs and prefix lists can only drop or forward the packet or traffic. Route maps process routes for route redistribution. For example, a route
map can be called to filter only specific routes and to add a metric.
Route maps also have an “implicit deny.” However, unlike ACLs and prefix lists, where the packet or traffic is dropped, in route maps a
route that does not match any of the route map conditions is not redistributed.
The implementation of route maps allows route maps with the no match or no set commands. When there is no match command, all traffic
matches the route map and the set command applies.
Flow-Based Monitoring
Flow-based monitoring conserves bandwidth by monitoring only the specified traffic instead of all traffic on the interface. It is available for
Layer 3 ingress and known unicast egress traffic. You can specify the traffic that needs to be monitored using standard or extended
access-lists. The flow-based monitoring mechanism copies packets that match the ACL rules applied on the port and forwards (mirrors)
them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG).
When a packet arrives at a port that is being monitored, the packet is validated against the configured ACL rules. If the packet matches an
ACL rule, the system examines the corresponding flow processor to perform the action specified for that port. If the mirroring action is set
in the flow processor entry, the destination port details, to which the mirrored information must be sent, are sent to the destination port.
Behavior of Flow-Based Monitoring
You can activate flow-based monitoring for a monitoring session using the flow-based enable command in the Monitor Session mode.
When you enable flow-based monitoring, traffic with particular flows traversing the interfaces is examined in
accordance with the applied ACLs. By default, flow-based monitoring is not enabled.
There are two ways in which you can enable flow-based monitoring in Dell EMC Networking OS. You can create an ACL and apply that ACL
either to an interface that needs to be monitored or in the monitor session context. If you apply the monitor ACL to an interface,
the Dell EMC Networking OS mirrors the ingress traffic with an implicit deny applied at the end of the ACL. If you apply the ACL to the
monitor session context, the Dell EMC Networking OS mirrors the ingress and known unicast egress traffic with an implicit permit applied
at the end of the ACL. This enables the other traffic to flow without being blocked by the ACL.
When you apply an ACL within the monitor session, it is applied to all source interfaces configured in the monitor session.
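The following Python model is an added example, not Dell EMC code or configuration. It shows how the same monitor ACL treats traffic in the two contexts described above, and lists the flows that would be dropped if the ACL were attached to the interface. The rule format (permit rules keyed on destination only), the sample addresses, the function names and the treatment of egress traffic under an interface-applied ACL as untouched are assumptions made for illustration.

```python
import ipaddress

# Implicit action at the end of the monitor ACL, per the text above.
IMPLICIT = {"interface": "deny", "monitor-session": "permit"}

def evaluate(acl, direction, dst_ip, context):
    """Return (forwarded, mirrored) for one packet on a monitored (MD) port.

    acl is a list of (seq, destination CIDR) permit rules: a simplified,
    hypothetical model of a monitor ACL, evaluated lowest sequence first.
    """
    if context not in IMPLICIT:
        raise ValueError(f"unknown context: {context}")
    if direction not in ("ingress", "egress"):
        raise ValueError(f"unknown direction: {direction}")
    # Assumption: an interface-applied monitor ACL acts on ingress only,
    # so egress traffic is neither mirrored nor filtered by it.
    if context == "interface" and direction == "egress":
        return True, False
    addr = ipaddress.ip_address(dst_ip)
    for _seq, dst in sorted(acl):
        if addr in ipaddress.ip_network(dst):
            return True, True          # matched: forwarded and copied to MG
    # No rule matched: the implicit action decides whether traffic survives.
    return IMPLICIT[context] == "permit", False

def dropped_by_interface_acl(acl, flows):
    """Flows that pass in monitor-session context but are dropped when the
    same ACL is applied to the interface (implicit deny)."""
    return [f for f in flows
            if evaluate(acl, *f, "monitor-session")[0]
            and not evaluate(acl, *f, "interface")[0]]

# Constructed sample data (documentation address ranges).
SAMPLE_ACL = [(5, "192.0.2.10/32"), (10, "198.51.100.0/24")]
SAMPLE_FLOWS = [("ingress", "192.0.2.10"), ("ingress", "203.0.113.7"),
                ("egress", "198.51.100.20"), ("egress", "203.0.113.7")]

if __name__ == "__main__":
    for ctx in IMPLICIT:
        for flow in SAMPLE_FLOWS:
            fwd, mir = evaluate(SAMPLE_ACL, *flow, ctx)
            print(f"{ctx:16} {flow[0]:8} {flow[1]:15} forwarded={fwd} mirrored={mir}")
    print("dropped if applied to interface:",
          dropped_by_interface_acl(SAMPLE_ACL, SAMPLE_FLOWS))
```

Running the check against a list of expected production flows before attaching a monitor ACL to an interface shows which of them depend on the implicit permit that only the monitor session context provides.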
Access Control Lists (ACLs)










