Manualshelf

CLI Guide

ManualsBrandsDell ManualsAccess PlatformsFN IO Module
211212213214215216217218219220
ACL logging only on ACLs that are applied to ingress interfaces; you cannot enable
logging for ACLs that are associated with egress interfaces.
You can activate flow-based monitoring for a monitoring session by entering the
flow-based enable command in the Monitor Session mode. When you enable
this capability, traffic with particular flows that are traversing through the ingress
and egress interfaces are examined and, appropriate ACLs can be applied in both
the ingress and egress direction. Flow-based monitoring conserves bandwidth by
monitoring only specified traffic instead all traffic on the interface. This feature is
particularly useful when looking for malicious traffic. It is available for Layer 2 and
Layer 3 ingress and egress traffic. You may specify traffic using standard or
extended access-lists. This mechanism copies all incoming or outgoing packets on
one port and forwards (mirrors) them to another port. The source port is the
monitored port (MD) and the destination port is the monitoring port (MG).
Related
Commands
permit — configures a MAC address filter to pass packets.
seq — configures a MAC address filter with a specified sequence number.
mac access-list extended
Name a new or existing extended MAC access control list (extended MAC ACL).
Syntax
mac access-list extended access-list-name [cpu-qos]
Parameters
access-list-name Enter a text string as the MAC access list name, up to 140
characters.
cpu-qos Enter the keyword cpu-qos to assign this ACL to control
plane traffic only (CoPP).
Defaults None
Command Modes CONFIGURATION
Supported Modes Full–Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
8.3.16.1 Introduced on the MXL 10/40GbE Switch IO Module.
Usage Information
The number of entries allowed per ACL is hardware-dependent. For detailed
specifications on entries allowed per ACL, refer to your line card documentation.
Example
Dell(conf)#mac-access-list access-list extended TestMATExt
Dell(config-ext-macl)#remark 5 IPv4
Dell(config-ext-macl)#seq 10 permit any any ev2 eq 800 count
Access Control Lists (ACL)
211