Layer 4 Acl Rules Examples - Dell Force10 MXL Blade Configuration Manual
Configuration guide for the mxl 10/40gbe switch io module
Hide thumbs
Also See for Force10 MXL Blade:
- Reference manual (732 pages) ,
- Deployment manual (89 pages) ,
- Getting started manual (38 pages)
Table of Contents
Advertisement
To deny second/subsequent fragments, use the same rules in a different order. These ACLs deny all second
& subsequent fragments with destination IP 10.1.1.1 but permit the first fragment & non fragmented
packets with destination IP 10.1.1.1
Figure 5-3. Deny Second Packets
FTOS(conf)#ip access-list extended ABC
FTOS(conf-ext-nacl)#deny ip any 10.1.1.1/32 fragments
FTOS(conf-ext-nacl)#permit ip any 10.1.1.1/32
FTOS(conf-ext-nacl)
Layer 4 ACL Rules Examples
In
Figure
5-4, first fragments or non-fragmented TCP packets from 10.1.1.1 with TCP destination port
equal to 24 are permitted. All other fragments are denied.
Figure 5-4. Layer 4 ACL Rules
FTOS(conf)#ip access-list extended ABC
FTOS(conf-ext-nacl)#permit tcp host 10.1.1.1 any eq 24
FTOS(conf-ext-nacl)#deny ip any any fragment
FTOS(conf-ext-nacl)
In
(Figure
5-5), TCP packets that are first fragments or non-fragmented from host 10.1.1.1 with TCP
destination port equal to 24 are permitted. Additionally, all TCP non-first fragments from host 10.1.1.1 are
permitted. All other IP packets that are non-first fragments are denied.
Figure 5-5. TCP Packets
FTOS(conf)#ip access-list extended ABC
FTOS(conf-ext-nacl)#permit tcp host 10.1.1.1 any eq 24
FTOS(conf-ext-nacl)#permit tcp host 10.1.1.1 any fragment
FTOS(conf-ext-nacl)#deny ip any any fragment
FTOS(conf-ext-nacl)
(Figure
5-3).
Access Control Lists (ACLs) | 75
- Quick Links:
- Accessing the Command Line
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
