Configuring Super Acls - Dell PowerConnect B-RX Configuration Manual
Bigiron rx series supporting multi-service ironware v02.7.03
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1458 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
21
Configuring numbered and named ACLs
Syntax: [no] ip access-group <num> in
The options at the ACL configuration level and the syntax for the ip access-group command are the
same for numbered and named ACLs and are described in
on page 523.
Configuring super ACLs
This section describes how to configure super ACLs with numeric IDs.
•
•
•
Super ACLs can match on fields in a Layer 2 or Layer 4 packet header. You can configure up to 99
super ACLs, using the number range 500 - 599. For the number of ACL entries supported on a
BigIron RX, refer to
Super ACL syntax is keyword-based. You specify the conditions to match as keyword-value pairs.
Each keyword-value pair (called a "match-item") specifies a field in the packet header (L2, L3 or L4)
to be checked, and gives the allowable value for this field. Fields not specified are called "don't
care" fields, and are considered to be matched. The match-items may be specified in any order
with one exception: because of its variable length, tcp-flags must be specified as the last item in a
filter. The complete syntax of super ACLs is described in the next section.
NOTE
Super ACLs are not supported on management interfaces or outbound ACLs on RX-BI-16XG (16 x 10
GE) interfaces.
Super ACL filters
Some super ACL filters are shown in the following examples.
The following filter denies IPv4 TCP packets.
BigIron RX(config)#access-list 500 deny ip-protocol tcp
The following filter denies any packet with a source MAC address of 0000.0000.0011 and a source
IP address from 30.30.30.0 to 30.30.30.255.
BigIron RX(config)#access-list 500 deny src-mac 0000.0000.0011
The following filter denies any IPv4 packet passing through the interface.
BigIron RX(config)#access-list 500 deny any
Super ACL syntax
Syntax: [no] access-list <num> deny | permit |
534
For configuration information on named ACLs, refer to
named ACLs"
on page 531.
For configuration information on extended ACLs, refer to
ACLs"
on page 523.
Egress Super ACLs are not supported on the RX-BI=16XG (16 x 10 GE) modules
"ACL IDs and entries"
ffff.ffff.ffff. sip 30.30.30.0/24
any |
log |
src-mac <src-mac> <mask> |
dst-mac <dst-mac> <mask> |
"Configuring extended numbered ACLs"
"Configuring standard or extended
"Configuring extended numbered
on page 517.
BigIron RX Series Configuration Guide
53-1001986-01
Advertisement
Chapters
Table of Contents
