98 | Access Control Lists (ACL)
www.dell.com | support.dell.com
Standard IP ACL Commands
When an ACL is created without any rule and then applied to an interface, ACL behavior reflects an
implicit permit.
The MXL 10/40GbE Switch IO Module platform supports both ingress and egress IP ACLs.
The commands needed to configure a Standard IP ACL are:
• deny
• ip access-list standard
• permit
deny
Configure a filter to drop packets with a certain IP address.
Syntax
deny {source [mask] | any | host ip-address} [count [byte]] [dscp value] [order] [fragments]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s sequence number.
• Use the no deny {source [mask] | any | host ip-address} command.
Parameters
Defaults
Not configured.
Command Modes
CONFIGURATION-IP ACCESS-LIST-STANDARD
Note: See also Commands Common to all ACL Types and Common IP ACL Commands.
source
Enter the IP address in dotted decimal format of the network from which the
packet was sent.
mask
(OPTIONAL) Enter a network mask in /prefix format (/x) or A.B.C.D. The mask,
when specified in A.B.C.D format, may be either contiguous or non-contiguous
(discontiguous).
any Enter the keyword any to specify that all routes are subject to the filter.
host ip-address Enter the keyword host followed by the IP address to specify a host IP address
only.
count (OPTIONAL) Enter the keyword count to count packets processed by the filter.
byte (OPTIONAL) Enter the keyword byte to count bytes processed by the filter.
dscp (OPTIONAL) Enter the keyword dscp to match to the IP DSCP values.
order (OPTIONAL) Enter the keyword order to specify the QoS order of priority for
the ACL entry.
Range: 0-254 (where 0 is the highest priority and 254 is the lowest; lower order
numbers have a higher priority)
Default: If the order keyword is not used, the ACLs have the lowest order by
default (255).
fragments
Enter the keyword fragments to use ACLs to control packet fragments.
To Next Page
Loading...
