Dell PowerConnect B-RX Configuration Manual page 619
Bigiron rx series configuration guide v02.8.00
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1436 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
Most of the keywords in this syntax are self-explanatory, and work the same way as the keywords
IPv4 and MAC ACLs. The QoS options are also similar to those in the IPv4 ACL, however, in super
ACL the three QoS marking modes are grouped under the keyword qos-marking to simplify the
syntax.
General parameters for super ACLs
The following parameters apply to super ACLs:
num
deny | permit
any
log
src-mac
dst-mac
NOTE: To specify the host name instead of the IP address, the host name must be configured using the ip dns
vlan-id
ip-pkt-len <pkt-len>
ip-fragment-match
<ip-protocol>
<sip>
<dip>
BigIron RX Series Configuration Guide
53-1002253-01
vlan-id <vlan-id> |
ip-pkt-len <pkt-len> |
ip-fragment-match {[fragment [fragment-offset <0 - 8191>]] | [non-fragment] |
[first-fragment]} |
ip-protocol <ip-protocol> |
sip {<source-ip>/<source-ip-mask-len> | host <hostname>} |
dip {<destination-ip>/<destination-ip-len> | host <hostname>} |
sp <operator> <source-tcp/udp-port> |
dp <operator> <destination-tcp/udp-port> |
icmp-detail <icmp-type-code> |
dscp-matching <0 – 63> |
802.1p-priority-matching <0 - 7> |
ipsec-spi <00000000 - ffffffff> |
qos-marking {[dscp <0 - 63> 802.1p-priority-marking <0 - 7> internal-priority-marking <0 -
7>] |
[dscp <0 - 63> dscp-cos-mapping] | [use-packet-dscp dscp-cos-mapping]} | tcp-flags
{[match-all <tcp flags>] | [match-any <tcp flags>] | [established]} |
<tcp flags> = [{+|-}urg] [{+|-}ack] [{+|-}psh] [{+|-}rst] [{+|-}syn] [{+|-}fin]
<icmp-type-code> = <type> <code> | <well-known type/code>
The ACL ID. Enter 500 – 599 for super ACLs.
Enter deny if the packets that match the policy are to be dropped; permit if they are
to be forwarded.
Matches any packet
Enables logging for denied packets. ACL logging is disabled by default; it must be
explicitly enabled on a port.
NOTE: Logging is not currently supported on management interfaces.
Specifies the source MAC address for the policy. Alternatively, you can specify the
host name. If you want the policy to match on all source addresses, enter any.
Specifies the destination MAC address for the policy. Alternatively, you can specify
the host name. If you want the policy to match on all destination addresses, enter
any.
server-address... command at the global CONFIG level of the CLI.
Specifies the VLAN id
Specifies the IP packet length to be matched.
Enables IP fragment matching.
Specifies the IP protocols to be matched.
Enables packet matching based on specific IP source addresses.
Enables packet matching based on specified IP destination addresses.
Configuring numbered and named ACLs
21
543
Advertisement
Table of Contents
