Configure A Standard Ip Acl - Dell Force10 S4810P Configuration Manual

FTOS(conf-ext-nacl)
Note the following when configuring ACLs with the
When an ACL filters packets it looks at the Fragment Offset (FO) to determine whether or not it is a fragment.
Permit ACL line with L3 information only, and the fragments keyword is present:
If a packet's L3 information matches the L3 information in the ACL line, the packet's fragment offset (FO) is
checked.
Deny ACL line with L3 information only, and the fragments keyword is present:
If a packet's L3 information does match the L3 information in the ACL line, the packet's fragment offset (FO) is
checked.

Configure a standard IP ACL

To configure an ACL, use commands in the IP ACCESS LIST mode and the INTERFACE mode. The
following list includes the configuration tasks for IP ACLs:
For a complete listing of all commands related to IP ACLs, refer to the FTOS Command Line Interface
Reference document.
Refer to Configure an extended IP ACL
A standard IP ACL uses the source IP address as its match criterion.
To configure a standard IP ACL, use these commands in the following sequence:
Step Command Syntax
1 ip access-list standard
2
seq
sequence-number
{ [
source
[ [
count
[
fragments
110
| Access Control Lists (ACLs)
• FO = 0 means it is either the first fragment or the packet is a non-fragment.
• FO > 0 means it is dealing with the fragments of the original packet.
• If a packet's FO > 0, the packet is permitted.
• If a packet's FO = 0 , the next ACL entry is processed.
• If a packet's FO > 0, the packet is denied.
• If a packet's FO = 0, the next ACL line is processed.
access-listname
{ deny | permit }
] | any | host
mask ip-address
] | ] [ ] [
byte log order monitor
]
keyword.
fragments
to set up extended ACLs.
Command Mode
CONFIGURATION
CONFIG-STD-NACL
}
]
Purpose
Enter IP ACCESS LIST mode by
naming a standard IP access list.
Configure a drop or forward filter. The
parameters are:
• log and monitor options are
supported on E-Series only.