Dell S6000 FTOS 9.0(2.0) Command Line Reference Guide for the System - Page 117
Standard IP ACL Commands, deny
View all Dell S6000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 117 highlights
Table 6-1. show ip accounting access-lists Command Example Field Field "seq 5..." "order 4" Description Displays the filter. If the keywords count or byte were configured in the filter, the number of packets or bytes processed by the filter is displayed at the end of the line. Displays the QoS order of priority for the ACL entry. Standard IP ACL Commands When an ACL is created without any rule and then applied to an interface, ACL behavior reflects an implicit permit. s platforms (except the S4810) support Ingress IP ACLs only. The S6000 and Z9000 support both Ingress and Egress IP ACLs. The commands needed to configure a Standard IP ACL are: • deny • ip access-list standard • permit • resequence access-list • resequence prefix-list ipv4 • seq Note: See also Commands Common to all ACL Types and Common IP ACL Commands. deny s z S6000 Configure a filter to drop packets with a certain IP address. Syntax deny {source [mask] | any | host ip-address} [count [byte] ] [dscp value] [order] [fragments] To remove this filter, you have two choices: • Use the no seq sequence-number command syntax if you know the filter's sequence number or • Use the no deny {source [mask] | any | host ip-address} command. Parameters source mask any host ip-address Enter the IP address in dotted decimal format of the network from which the packet was sent. (OPTIONAL) Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or non-contiguous (discontiguous). Enter the keyword any to specify that all routes are subject to the filter. Enter the keyword host followed by the IP address to specify a host IP address only. Access Control Lists (ACL) | 117