Dell Force10 S25N-S50N FTOS Command Line Reference Guide FTOS 8.4.2.7 E-Series - Page 229
range, deny udp, count, order, monitor, fragments, Related, Commands, Syntax, Parameters
View all Dell Force10 S25N-S50N manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 229 highlights
For example, an ACL rule with TCP port range 4000 - 8000 uses 8 entries in the CAM: Rule# Data Mask From To #Covered 1 0000111110100000 1111111111100000 4000 4031 32 2 0000111111000000 1111111111000000 4032 4095 64 3 0001000000000000 1111100000000000 4096 6143 2048 4 0001100000000000 1111110000000000 6144 7167 1024 5 0001110000000000 1111111000000000 7168 7679 512 6 0001111000000000 1111111100000000 7680 7935 256 7 0001111100000000 1111111111000000 7936 7999 64 8 0001111101000000 1111111111111111 8000 8000 1 Total Ports: 4001 But an ACL rule with TCP port lt 1023 takes only one entry in the CAM: Rule# Data Mask From To #Covered 1 0000000000000000 1111110000000000 0 1023 1024 Total Ports: 1024 Related Commands deny deny udp Assign a filter to deny IP traffic. Assign a filter to deny UDP traffic. deny udp c e s Configure a filter to drop UDP packets meeting the filter criteria. Syntax deny udp {source mask | any | host ip-address} [operator port [port]] {destination mask | any | host ip-address} [dscp] [operator port [port]] [count [byte] | log] [order] [monitor] [fragments] To remove this filter, you have two choices: • Use the no seq sequence-number command syntax if you know the filter's sequence number or • Use the no deny udp {source mask | any | host ip-address} {destination mask | any | host ip-address} command. Parameters source mask any host ip-address dscp Enter the IP address of the network or host from which the packets were sent. Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous. Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address. Enter this keyword to deny a packet based on DSCP value. Range: 0-63 Access Control Lists (ACL) | 229