Dell MXL 10GbE Reference Manual page 263

You cannot include IP, TCP, or UDP (Layer 3) filters in an ACL configured with ARP
or Ether-type (Layer 2) filters. Apply Layer 2 ACLs to interfaces in Layer 2 mode.
When the configured maximum threshold is exceeded, generation of logs is
stopped. When the interval at which ACL logs are configured to be recorded
expires, the subsequent, fresh interval timer is started and the packet count for that
new interval commences from zero. If ACL logging was stopped previously
because the configured threshold is exceeded, it is re-enabled for this new interval.
If ACL logging is stopped because the configured threshold is exceeded, it is re-
enabled after the logging interval period elapses. ACL logging is supported for
standard and extended IPv4 ACLs, IPv6 ACLs, and MAC ACLs. You can configure
ACL logging only on ACLs that are applied to ingress interfaces; you cannot enable
logging for ACLs that are associated with egress interfaces.
You can activate flow-based monitoring for a monitoring session by entering the
flow-based enable command in the Monitor Session mode. When you enable
this capability, traffic with particular flows that are traversing through the ingress
and egress interfaces are examined and, appropriate ACLs can be applied in both
the ingress and egress direction. Flow-based monitoring conserves bandwidth by
monitoring only specified traffic instead all traffic on the interface. This feature is
particularly useful when looking for malicious traffic. It is available for Layer 2 and
Layer 3 ingress and egress traffic. You may specify traffic using standard or
extended access-lists. This mechanism copies all incoming or outgoing packets on
one port and forwards (mirrors) them to another port. The source port is the
monitored port (MD) and the destination port is the monitoring port (MG).
seq
Assign a sequence number to a deny or permit filter in an extended IP access list while creating the filter.
Syntax
seq sequence-number {deny | permit} {source [mask] | any | host
ip-address}} [count [byte] [dscp value] [order] [fragments]
[log [interval minutes] [threshold-in-msgs [count] [monitor]
Parameters
sequence-
number
deny
permit
source
Access Control Lists (ACL)
NOTE: When ACL logging and byte counters are configured simultaneously,
byte counters may display an incorrect value. Configure packet counters with
logging instead.
Enter a number from 0 to 4294967290. The range is from 0
to 65534.
Enter the keyword deny to configure a filter to drop packets
meeting this condition.
Enter the keyword permit to configure a filter to forward
packets meeting this criteria.
Enter an IP address in dotted decimal format of the network
from which the packet was received.
263