Dell Force10 S25N-S50N FTOS Command Line Reference Guide FTOS 8.4.2.7 E-Series - Page 231
ip access-list extended
View all Dell Force10 S25N-S50N manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 231 highlights
The C-Series and S-Series cannot count both packets and bytes, so when you enter the count byte options, only bytes are incremented. The monitor option is relevant in the context of flow-based monitoring only. See the Chapter 44, Port Monitoring. Note: When ACL logging and byte counters are configured simultaneously, byte counters may display an incorrect value. Configure packet counters with logging instead. Most ACL rules require one entry in the CAM. However, rules with TCP and UDP port operators (gt, lt, range) may require more than one entry. The range of ports is configured in the CAM based on bit mask boundaries; the space required depends on exactly what ports are included in the range. For example, an ACL rule with TCP port range 4000 - 8000 will use 8 entries in the CAM: Rule# Data Mask From To #Covered 1 0000111110100000 1111111111100000 4000 4031 32 2 0000111111000000 1111111111000000 4032 4095 64 3 0001000000000000 1111100000000000 4096 6143 2048 4 0001100000000000 1111110000000000 6144 7167 1024 5 0001110000000000 1111111000000000 7168 7679 512 6 0001111000000000 1111111100000000 7680 7935 256 7 0001111100000000 1111111111000000 7936 7999 64 8 0001111101000000 1111111111111111 8000 8000 1 Total Ports: 4001 But an ACL rule with TCP port lt 1023 takes only one entry in the CAM: Rule# Data Mask From To #Covered 1 0000000000000000 1111110000000000 0 1023 1024 Total Ports: 1024 Related Commands deny deny tcp Assign a deny filter for IP traffic. Assign a deny filter for TCP traffic. ip access-list extended c e s Name (or select) an extended IP access list (IP ACL) based on IP addresses or protocols. Syntax ip access-list extended access-list-name To delete an access list, use the no ip access-list extended access-list-name command. Parameters access-list-name Enter a string up to 140 characters long as the access list name. Defaults All access lists contain an implicit "deny any"; that is, if no match occurs, the packet is dropped. Command Modes CONFIGURATION Access Control Lists (ACL) | 231