Users Guide
Total Ports: 1024
Related Commands
deny — assigns a lter to deny IP trac.
deny tcp — assigns a lter to deny TCP trac.
ip access-list extended
Name (or select) an extended IP access list (IP ACL) based on IP addresses or protocols.
Syntax
ip access-list extended access-list-name
To delete an access list, use the no ip access-list extended access-list-name command.
Parameters
access-list-name Enter a string up to 140 characters long as the access list name.
Defaults All access lists contain an implicit deny any; that is, if no match occurs, the packet is dropped.
Command Modes CONFIGURATION
Supported Modes Full–Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
Usage Information The number of entries allowed per ACL is hardware-dependent. For detailed specication on entries allowed per
ACL, refer to your line card documentation.
Example
Dell(conf)#ip access-list extended TESTListEXTEND
Dell(config-ext-nacl)#
Related Commands
ip access-list standard — congures a standard IP access list.
resequence access-list — Displays the current conguration.
permit (for Extended IP ACLs)
To pass IP packets meeting the lter criteria, congure a lter.
Syntax
permit {source mask | any | host ip-address} {destination mask | any | host ip-
address} [count [bytes]] [dscp value] [order] [fragments] [log [interval
minutes] [threshold-in-msgs [count]] [monitor]
To remove this lter, you have two choices:
• Use the no seq sequence-number command if you know the lter’s sequence number.
•
Use the no deny {source mask | any | host ip-address} {destination mask | any |
host ip-address} command.
Access Control Lists (ACL) 171