Dell S5148F-ON OS10 Enterprise Edition User Guide Release 10.3.2E-R1 - Page 372
Assign sequence number to filter, User-provided sequence number, Auto-generated sequence number
![]() |
View all Dell S5148F-ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 372 highlights
To log all packets denied and to override the implicit deny rule and the implicit permit rule for TCP/ UDP fragments, use a similar configuration. When an ACL filters packets, it looks at the FO to determine whether it is a fragment: • FO = 0 means it is either the first fragment or the packet is a non-fragment • FO > 0 means it is the fragments of the original packet Assign sequence number to filter IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. Traffic passes through the filter by filter sequence. Configure the IP ACL by first entering IP ACCESS-LIST mode and then assigning a sequence number to the filter. User-provided sequence number • Enter IP ACCESS LIST mode by creating an IP ACL in CONFIGURATION mode. ip access-list access-list-name • Configure a drop or forward filter in IPV4-ACL mode. seq sequence-number {deny | permit | remark} {ip-protocol-number | icmp | ip | protocol | tcp | udp} {source prefix | source mask | any | host} {destination mask | any | host ip-address} [count [byte]] [fragments] Auto-generated sequence number If you are creating an ACL with only one or two filters, you can let the system assign a sequence number based on the order in which you configure the filters. The system assigns sequence numbers to filters using multiples of ten values. • Configure a deny or permit filter to examine IP packets in IPV4-ACL mode. {deny | permit} {source mask | any | host ip-address} [count [byte]] [fragments] • Configure a deny or permit filter to examine TCP packets in IPV4-ACL mode. {deny | permit} tcp {source mask] | any | host ip-address}} [count [byte]] [fragments] • Configure a deny or permit filter to examine UDP packets in IPV4-ACL mode. {deny | permit} udp {source mask | any | host ip-address}} [count [byte]] [fragments] Assign sequence number to filter OS10(config)# ip access-list acl1 OS10(conf-ipv4-acl)# seq 5 deny tcp any any capture session 1 count View ACLs and packets processed through ACL OS10# show ip access-lists in Ingress IP access-list acl1 Active on interfaces : ethernet1/1/5 seq 5 permit ip any any count (10000 packets) L2 and L3 ACLs Configure both L2 and L3 ACLs on an interface in L2 mode. Rules apply if you use both L2 and L3 ACLs on an interface. • L3 ACL filters packets and then the L2 ACL filters packets • Egress L3 ACL filters packets Rules apply in order: 372 Access Control Lists
![](/manual_guide/products/dell-powerswitch-s5148fon-os10-enterprise-edition-user-guide-release-1032er1-6fa6c40/372.png)