Standard Ip Acl Commands - Dell Force10 MXL Blade Reference Manual

Standard IP ACL Commands

deny
Syntax
Parameters
Defaults
Command Modes
98 | Access Control Lists (ACL)
When an ACL is created without any rule and then applied to an interface, ACL behavior reflects an
implicit permit.
The MXL 10/40GbE Switch IO Module platform supports both ingress and egress IP ACLs.
The commands needed to configure a Standard IP ACL are:
• deny
• ip access-list standard
• permit
Note:
See also Commands Common to all ACL Types
Configure a filter to drop packets with a certain IP address.
deny { source [ mask ] | any | host ip-address } [ count [ byte ]] [ dscp value] [ order ] [fragments]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter's sequence number.
• Use the no deny { source [ mask ] | any | host ip-address } command.
source
mask
any
host ip-address
count
byte
dscp
order
fragments
Not configured.
CONFIGURATION-IP ACCESS-LIST-STANDARD
Enter the IP address in dotted decimal format of the network from which the
packet was sent.
(OPTIONAL) Enter a network mask in /prefix format (/x) or A.B.C.D. The mask,
when specified in A.B.C.D format, may be either contiguous or non-contiguous
(discontiguous).
any
Enter the keyword to specify that all routes are subject to the filter.
host
Enter the keyword followed by the IP address to specify a host IP address
only.
(OPTIONAL) Enter the keyword
(OPTIONAL) Enter the keyword
(OPTIONAL) Enter the keyword
(OPTIONAL) Enter the keyword
the ACL entry.
Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order
numbers have a higher priority)
Default: If the order keyword is not used, the ACLs have the lowest order by
default (255).
fragments
Enter the keyword
and Common IP ACL
count
to count packets processed by the filter.
byte
to count bytes processed by the filter.
dscp
to match to the IP DSCP values.
order
to specify the QoS order of priority for
to use ACLs to control packet fragments.
Commands.