Dell Force10 S4810P Configuration Manual page 115

High-density, 1RU 48-port 10GbE switch

The following example illustrates how the seq command orders the filters according to the sequence
number assigned. In the example, filter 15 was configured before filter 5, but the show config command
displays the filters in the correct order.
FTOS(config-ext-nacl)#seq 15 deny ip host 112.45.0.0 any log
FTOS(config-ext-nacl)#seq 5 permit tcp 12.1.3.45 0.0.255.255 any
FTOS(config-ext-nacl)#show confi
!
ip access-list extended dilling
seq 5 permit tcp 12.1.0.0 0.0.255.255 any
seq 15 deny ip host 112.45.0.0 any log
FTOS(config-ext-nacl)#
Configure filters without sequence number
If you are creating an extended ACL with only one or two filters, you can let FTOS assign a sequence
number based on the order in which the filters are configured. FTOS assigns filters in multiples of 5.
To configure a filter for an extended IP ACL without a specified sequence number, use any or all of the
following commands in the IP ACCESS LIST mode:

Command Syntax: {deny | permit} {source mask | any | host ip-address} [count [byte] | log] [order] [monitor] [fragments]
Command Mode: CONFIG-EXT-NACL
Purpose: Configure a deny or permit filter to examine IP packets. log and monitor options are supported on E-Series only.

Command Syntax: {deny | permit} tcp {source mask | any | host ip-address} [count [byte] | log] [order] [monitor] [fragments]
Command Mode: CONFIG-EXT-NACL
Purpose: Configure a deny or permit filter to examine TCP packets. log and monitor options are supported on E-Series only.

Command Syntax: {deny | permit} udp {source mask | any | host ip-address} [count [byte] | log] [order] [monitor] [fragments]
Command Mode: CONFIG-EXT-NACL
Purpose: Configure a deny or permit filter to examine UDP packets. log and monitor options are supported on E-Series only.

When you use the log keyword, the CP processor logs details about the packets that match. Depending on how
many packets match the log entry and at what rate, the CP may become busy as it has to log these packets'
details.
The following example illustrates an extended IP ACL in which the sequence numbers were assigned by
the software. The filters were assigned sequence numbers based on the order in which they were
configured (for example, the first filter was given the lowest sequence number). The show config
command in the IP ACCESS LIST mode displays the two filters with the sequence numbers 5 and 10.
FTOS(config-ext-nacl)#deny tcp host 123.55.34.0 any
FTOS(config-ext-nacl)#permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0
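
The numbering and ordering behaviour described on this page, as an added Python model for reviewing ACL drafts offline (not code from the manual or from FTOS). The class and function names are hypothetical, and numbering an unnumbered filter after explicit seq entries as the next multiple of 5 is an assumption. The address rewrite is inferred from the show config output printed above.

```python
import ipaddress
import re

# "address wildcard" pair; an address that follows the host keyword is left alone.
PAIR = re.compile(r"(?<!host )\b(\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})\b")

def normalize(addr, wildcard):
    """Zero the address bits the mask covers, as the manual's show config output does."""
    a = int(ipaddress.IPv4Address(addr))
    w = int(ipaddress.IPv4Address(wildcard))
    return f"{ipaddress.IPv4Address(a & ~w & 0xFFFFFFFF)} {wildcard}"

class ExtendedAcl:  # hypothetical model, not an FTOS API
    STEP = 5  # the manual: auto-assigned sequence numbers are multiples of 5

    def __init__(self, name):
        self.name = name
        self.filters = {}  # sequence number -> filter text

    def enter(self, line):
        """Store one filter as typed at the config-ext-nacl prompt; return its number."""
        m = re.match(r"seq\s+(\d+)\s+(.*)", line.strip())
        if m:
            seq, body = int(m.group(1)), m.group(2)
        else:
            # Assumption: next multiple of STEP above the highest number in use.
            seq = (max(self.filters, default=0) // self.STEP + 1) * self.STEP
            body = line.strip()
        self.filters[seq] = PAIR.sub(lambda p: normalize(p.group(1), p.group(2)), body)
        return seq

    def show_config(self):
        """Filters in ascending sequence order, regardless of entry order."""
        return [f"seq {s} {self.filters[s]}" for s in sorted(self.filters)]

    def logging_filters(self):
        """Sequence numbers of filters with the log keyword (each match costs CP time)."""
        return [s for s in sorted(self.filters) if "log" in self.filters[s].split()]

def page_examples():
    """Replay the two command sequences printed on this manual page."""
    explicit = ExtendedAcl("dilling")
    explicit.enter("seq 15 deny ip host 112.45.0.0 any log")
    explicit.enter("seq 5 permit tcp 12.1.3.45 0.0.255.255 any")
    auto = ExtendedAcl("auto")  # constructed name; the page does not give one
    auto.enter("deny tcp host 123.55.34.0 any")
    auto.enter("permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0")
    return explicit, auto
```

Calling logging_filters() on a draft shows which entries carry the log keyword, so their expected match rate can be checked against CP load before the ACL is applied.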
