Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S6100-ON

131

132

133

134

135

136

137

138

139

140

Remarks that do not have a corresponding rule are incremented as a rule. These two mechanisms allow remarks to retain their original

position in the list. The following example shows remark 10 corresponding to rule 10 and as such, they have the same number before and

after the command is entered. Remark 4 is incremented as a rule, and all rules have retained their original positions.

Dell(config-ext-nacl)# show config

ip access-list extended test

remark 4 XYZ

remark 5 this remark corresponds to permit any host 1.1.1.1

seq 5 permit ip any host 1.1.1.1

remark 9 ABC

remark 10 this remark corresponds to permit ip any host 1.1.1.2

seq 10 permit ip any host 1.1.1.2

seq 15 permit ip any host 1.1.1.3

seq 20 permit ip any host 1.1.1.4

Dell# end

Dell# resequence access-list ipv4 test 2 2

Dell# show running-config acl

ip access-list extended test

remark 2 XYZ

remark 4 this remark corresponds to permit any host 1.1.1.1

seq 4 permit ip any host 1.1.1.1

remark 6 this remark has no corresponding rule

remark 8 this remark corresponds to permit ip any host 1.1.1.2

seq 8 permit ip any host 1.1.1.2

seq 10 permit ip any host 1.1.1.3

seq 12 permit ip any host 1.1.1.4

Route Maps

Although route maps are similar to ACLs and prex lists in that they consist of a series of commands that contain a matching criterion and

an action, route maps can modify parameters in matching packets.

Implementation Information

ACLs and prex lists can only drop or forward the packet or trac. Route maps process routes for route redistribution. For example, a route

map can be called to lter only specic routes and to add a metric.

Route maps also have an “implicit deny.” Unlike ACLs and prex lists; however, where the packet or trac is dropped, in route maps, if a

route does not match any of the route map conditions, the route is not redistributed.

The implementation of route maps allows route maps with the no match or no set commands. When there is no match command, all trac

matches the route map and the set command applies.

Flow-Based Monitoring Support for ACLs

Flow-based monitoring conserves bandwidth by monitoring only the specied trac instead of all trac on the interface. It is available for

Layer 2 and Layer 3 ingress trac. You can specify trac using standard or extended access-lists. This mechanism copies incoming

packets that matches the ACL rules applied on the ingress port and forwards (mirrors) them to another port. The source port is the

monitored port (MD) and the destination port is the monitoring port (MG).

The port mirroring application maintains and performs all the monitoring operations on the chassis. ACL information is sent to the ACL

manager, which in turn noties the ACL agent to add entries in the CAM area. Duplicate entries in the ACL are not saved.

134

Access Control Lists (ACLs)