Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S6100-ON
211212213214215216217218219220
NOTE: For more information, refer to the Flow-based Monitoring section in
the Port Monitoring chapter of the
FTOS Conguration Guide
.
fragments Enter the keyword fragments to use ACLs to control packet fragments.
no-drop Enter the keywords no-drop to match only the forwarded packets.
Defaults Not congured.
Command Modes CONFIGURATION-STANDARD-ACCESS-LIST
Command History
Version Description
9.11(2.0) Added the type parameter to lter the ICMP packets based on the type and code on the
S6000, S6000–ON, S6100–ON, Z9100–ON.
9.8(1.0) Introduced on the Z9100–ON..
9.8(0.0) Added the no-drop parameter.
9.2(1.0) Introduced on the Z9500.
8.3.19.0 Introduced on the S4820T.
8.3.11.1 Introduced on the Z9000.
8.3.7.0 Introduced on the S4810.
8.3.1.0 Added the keyword dscp.
8.2.1.0 Allows ACL control of fragmented packets for IP (Layer 3) ACLs.
8.1.1.0 Introduced on the E-Series ExaScale.
7.4.1.0 Added support for noncontiguous mask and added the monitor option.
6.5.10 Expanded to include the optional QoS order priority for the ACL entry.
Usage Information
The order option is relevant in the context of the Policy QoS feature only. For more information, refer to the
Quality of Service chapter of the FTOS Conguration Guide.
When you use the log option, the CP processor logs details about the packets that match. Depending on how
many packets match the log entry and at what rate, the CP may become busy as it has to log these packets
details.
The monitor option is relevant in the context of ow-based monitoring only. For more information, refer to Port
Monitoring.
NOTE: When ACL logging and byte counters are congured simultaneously, byte counters may display
an incorrect value. Congure packet counters with logging instead.
permit tcp
To pass TCP packets meeting the lter criteria, congure a lter.
Syntax
permit tcp {source mask | any | host ip-address} [bit] [operator port [port]]
{destination mask | any | host ip-address} [bit] [dscp] [operator port [port]]
[count [byte] [order] [fragments] [monitor [session-ID]] [no-drop]
Access Control Lists (ACL) 213