Dell N1100-ON Reference Manual page 261

classifier rule. The ACL logging feature allows these hardware hit counts to be
collected on a per-rule basis and reported periodically to the network
administrator using the system logging facility and an SNMP trap.

The Dell EMC Networking ACL syntax supports a log parameter that enables
hardware hit count collection and reporting. A five-minute logging interval is
used; at the end of each interval, trap log entries are written for each ACL
logging rule that accumulated a nonzero hit count during that interval. The
logging interval is not user configurable.

How to Build ACLs

This section describes how to build ACLs that are less likely to exhibit false
matches.

Administrators are cautioned to specify ACL access-list, permit, and deny rule
criteria as fully as possible in order to avoid false matches. For example,
rules that specify a TCP or UDP port value should also specify the TCP or
UDP protocol and the IPv4 or IPv6 Ether type. Rules that specify an IP
protocol should also specify the Ether type value for the frame. In general, any
rule that specifies matching on an upper layer protocol field should also
include matching constraints for each of the lower layer protocols. For
example, a rule to match packets directed to the well-known UDP port
number 22 (SSH) should also include matching constraints on the IP
protocol field (protocol = 0x11 or UDP) and the Ether type field (Ether type
= 0x0800 or IPv4). Table 3-1 lists commonly used Ether types, and Table 3-2
lists commonly used IP protocol numbers.
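
The following added example (not part of the Dell manual and not Dell CLI syntax) models the guidance above: it reports which lower layer constraints a rule lacks and lists the constructed packets an underspecified rule would falsely match. The field names ethertype, ip_proto and dst_port and the simplified field-equality classifier are assumptions made for illustration.

```python
# Added illustration: a simplified field-based classifier model, not Dell CLI syntax.
# Field names (ethertype, ip_proto, dst_port, src_port) are assumptions for this sketch.

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD
PROTO_TCP, PROTO_UDP = 0x06, 0x11

# Each upper layer field and the lower layer fields a rule should pin with it.
REQUIRES = {
    "dst_port": ("ip_proto", "ethertype"),
    "src_port": ("ip_proto", "ethertype"),
    "ip_proto": ("ethertype",),
}

def missing_constraints(rule):
    """Return the lower layer fields the rule should also match on, sorted."""
    needed = set()
    for field in rule:
        needed.update(REQUIRES.get(field, ()))
    return sorted(needed - set(rule))

def matches(rule, packet):
    """A rule matches when every field it specifies equals the packet's value."""
    return all(packet.get(k) == v for k, v in rule.items())

def false_matches(rule, intended, packets):
    """Names of packets the rule hits that the fully specified rule would not."""
    return [p["name"] for p in packets if matches(rule, p) and not matches(intended, p)]

# Constructed sample traffic, all directed to port 22 except the last entry.
PACKETS = [
    {"name": "udp4-22", "ethertype": ETHERTYPE_IPV4, "ip_proto": PROTO_UDP, "dst_port": 22},
    {"name": "tcp4-22", "ethertype": ETHERTYPE_IPV4, "ip_proto": PROTO_TCP, "dst_port": 22},
    {"name": "udp6-22", "ethertype": ETHERTYPE_IPV6, "ip_proto": PROTO_UDP, "dst_port": 22},
    {"name": "udp4-53", "ethertype": ETHERTYPE_IPV4, "ip_proto": PROTO_UDP, "dst_port": 53},
]

# The manual's example rule, fully specified, and two underspecified variants.
FULL = {"ethertype": ETHERTYPE_IPV4, "ip_proto": PROTO_UDP, "dst_port": 22}
PORT_ONLY = {"dst_port": 22}
PORT_AND_PROTO = {"ip_proto": PROTO_UDP, "dst_port": 22}

if __name__ == "__main__":
    for label, rule in [("port only", PORT_ONLY), ("port+proto", PORT_AND_PROTO), ("full", FULL)]:
        print(label, "missing:", missing_constraints(rule),
              "false matches:", false_matches(rule, FULL, PACKETS))
```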
Layer 2 Switching Commands

This manual is also suitable for: N1500, N3100-ON, N4000, N2100-ON, N2000, N3000
