Concept Guide
Example
An ACL rule with a TCP port lt 1023 uses only one entry in the CAM.
Dell# Data             Mask             From To   #Covered
1     0000000000000000 1111110000000000 0    1023 1024
Total Ports: 1024
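The following sketch is an added illustration, not part of the original guide or of Dell's software. It splits a port range into data/mask CAM entries using standard aligned power-of-two block expansion, and goes beyond the single row shown above by handling any range. That the switch expands ranges this way is an assumption; the function names are hypothetical. Mask bits set to 1 are the bits that are compared, as in the row above.

```python
def port_range_to_cam_entries(lo, hi, width=16):
    """Split the inclusive port range [lo, hi] into aligned power-of-two
    blocks. Each block is one entry: (data, mask, from, to, covered).
    Assumption: mask bit 1 = compared, 0 = wildcard, as in the row above."""
    if not 0 <= lo <= hi < (1 << width):
        raise ValueError("need 0 <= lo <= hi < 2**width")
    entries = []
    while lo <= hi:
        # Largest block size for which lo is still aligned
        # (lo == 0 is aligned to every size).
        size = (lo & -lo) if lo else (1 << width)
        # Shrink the block until it no longer runs past hi.
        while size > hi - lo + 1:
            size >>= 1
        # Compare every bit above the block's wildcarded low bits.
        mask = ((1 << width) - 1) & ~(size - 1)
        entries.append((lo, mask, lo, lo + size - 1, size))
        lo += size
    return entries


def format_entries(entries, width=16):
    """Render entries in the same column order as the table above."""
    rows = ["#  Data             Mask             From  To    #Covered"]
    for i, (data, mask, start, end, size) in enumerate(entries, 1):
        rows.append(
            f"{i:<2} {data:0{width}b} {mask:0{width}b} "
            f"{start:<5} {end:<5} {size}"
        )
    rows.append(f"Total Ports: {sum(e[4] for e in entries)}")
    return "\n".join(rows)


if __name__ == "__main__":
    # Ports 0-1023: one entry, matching the row shown above.
    print(format_entries(port_range_to_cam_entries(0, 1023)))
    # Ports 1024-65535: needs several entries under this expansion.
    print(format_entries(port_range_to_cam_entries(1024, 65535)))
```

Under this expansion a range that starts and ends on block boundaries costs few entries, while an arbitrary range can cost many, which is worth checking before adding range-based rules to a CAM-constrained ACL.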
Related Commands
deny — assigns a filter to deny IP traffic.
deny tcp — assigns a filter to deny TCP traffic.
deny arp (for Extended MAC ACLs)
Configure an egress filter that drops ARP packets on egress ACL supported line cards. (For more information, refer to your line card
documentation).
Syntax
deny arp {destination-mac-address mac-address-mask | any} vlan vlan-id
{ip-address | any | opcode code-number} [count [byte]] [order] [log [interval
minutes] [threshold-in-msgs [count]] [monitor]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s sequence number.
• Use the no deny arp {destination-mac-address mac-address-mask | any} vlan vlan-id {ip-address | any | opcode code-number} command.
Parameters
destination-mac-address mac-address-mask
Enter a MAC address and mask in the nn:nn:nn:nn:nn:nn format.
For the MAC address mask, specify which bits in the MAC address must match.
The MAC ACL supports an inverse mask; therefore, a mask of ff:ff:ff:ff:ff:ff allows entries
that do not match and a mask of 00:00:00:00:00:00 only allows entries that match
exactly.
any
Enter the keyword any to match and drop any ARP traffic on the interface.
vlan vlan-id
Enter the keyword vlan and then enter the VLAN ID to filter traffic associated with a
specific VLAN. The range is 1 to 4094 and 1 to 2094 for ExaScale (you can use IDs 1 to
4094). To filter all VLAN traffic, specify VLAN 1.
ip-address
Enter an IP address in dotted decimal format (A.B.C.D) as the target IP address of the
ARP.
opcode code-number
Enter the keyword opcode and then enter the number of the ARP opcode. The range is
from 1 to 23.