Dell PowerConnect B-RX Configuration Manual page 591
Bigiron rx series configuration guide v02.7.02
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1458 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
Syntax: [no] access-list <num> deny | permit <source-ip>/<mask-bits> | <hostname> [log]
Syntax: [no] access-list <num> deny | permit host <source-ip> | <hostname> [log]
Syntax: [no] access-list <num> deny | permit any [log]
Syntax: [no] ip access-group <num> in
The 16 x 10 GE module only supports the following standard ACLs.
Syntax: [no] ip access-list <num> deny | permit <ip-protocol>
Parameters to configure standard ACL statements
<num>
deny | permit
<source-ip> | <hostname>
<destination-ip> |
<hostname>
NOTE: To specify the host name instead of the IP address, the host name must be configured using the ip dns
<wildcard>
BigIron RX Series Configuration Guide
53-1001810-01
<source-ip> | <hostname> <wildcard>
[<operator> <source-tcp/udp-port>]
<destination-ip> | <hostname> <wildcard>
[<operator> <destination-tcp/udp-port>]
[match-all <tcp-flags>] [match-any <tcp-flags>]
[<icmp-type>] [established] [precedence <name> | <num>]
Enter 1 – 99 for a standard ACL.
Enter deny if the packets that match the policy are to be dropped; permit if they are
to be forwarded.
Specify the source IP address for the policy. Alternatively, you can specify the host
name. If you want the policy to match on all source addresses, enter any.
Specify the destination IP address for the policy. Alternatively, you can specify the
host name. If you want the policy to match on all destination addresses, enter any.
server-address... command at the global CONFIG level of the CLI.
Specifies the portion of the source IP host address to match against. The <wildcard>
is a four-part value in dotted-decimal notation (IP address format) consisting of ones
and zeros. Zeros in the mask mean the packet's source address must match the
<source-ip>. Ones mean any value matches. For example, the <source-ip> and
<wildcard> values 209.157.22.26 0.0.0.255 mean that all hosts in the Class C
subnet 209.157.22.x match the policy.
If you prefer to specify the wildcard (mask value) in Classless Interdomain Routing
(CIDR) format, you can enter a forward slash after the IP address, then enter the
number of significant bits in the mask. For example, you can enter the CIDR
equivalent of "209.157.22.26 0.0.0.255" as "209.157.22.26/24". The CLI
automatically converts the CIDR number into the appropriate ACL mask (where zeros
instead of ones are the significant bits) and changes the non-significant portion of
the IP address into zeros. For example, if you specify 209.157.22.26/24 or
209.157.22.26 0.0.0.255, then save the changes to the startup-config file, the
value appears as 209.157.22.0/24 (if you have enabled display of subnet lengths)
or 209.157.22.0 0.0.0.255 in the startup-config file.
If you enable the software to display IP subnet masks in CIDR format, the mask is
saved in the file in "/<mask-bits>" format. You can use the CIDR format to configure
the ACL entry regardless of whether the software is configured to display the masks
in CIDR format.
NOTE: If you use the CIDR format, the ACL entries appear in this format in the
Configuring numbered and named ACLs
running-config and startup-config files, but are shown with subnet mask in
the display produced by the show access-list command.
21
519
Advertisement
Table of Contents
