Command Line Reference Guide

ManualsBrandsDell ManualsserversDell Force10 E600i

201

202

203

204

205

206

207

208

209

210

202 | Access Control Lists (ACL)

www.dell.com | support.dell.com

The C-Series and S-Series cannot count both packets and bytes, so when you enter the count byte

options, only bytes are incremented.

The monitor option is relevant in the context of flow-based monitoring only. See the Chapter 46, Port

Monitoring.

Commands

deny arp

Configure an egress filter that drops ARP packets on egress ACL supported line cards (see your line

card documentation).

Syntax

deny arp {destination-mac-address mac-address-mask | any} vlan vlan-id {ip-address | any |

opcode code-number} [count [byte] | log] [order] [monitor]

To remove this filter, use one of the following:

•Use the no seq sequence-number command syntax if you know the filter’s sequence number or

•Use the no deny arp {destination-mac-address mac-address-mask | any} vlan vlan-id

{ip-address | any | opcode code-number} command.

Parameters

Note: When ACL logging and byte counters are configured simultaneously, byte counters may display

an incorrect value. Configure packet counters with logging instead.

deny tcp Assign a filter to deny TCP packets.

deny udp Assign a filter to deny UDP packets.

ip access-list extended Create an extended ACL.

destination-mac-address

mac-address-mask

Enter a MAC address and mask in the nn:nn:nn:nn:nn format.

For the MAC address mask, specify which bits in the MAC address must

match.

The MAC ACL supports an inverse mask, therefore, a mask of ff:ff:ff:ff:ff:ff

allows entries that do not match and a mask of 00:00:00:00:00:00 only

allows entries that match exactly.

any Enter the keyword any to match and drop any ARP traffic on the interface.

vlan vlan-id Enter the keyword vlan followed by the VLAN ID to filter traffic associated

with a specific VLAN.

Range: 1 to 4094, 1-2094 for ExaScale (can used IDs 1-4094)

To filter all VLAN traffic specify VLAN 1.

ip-address

Enter an IP address in dotted decimal format (A.B.C.D) as the target IP

address of the ARP.

opcode code-number Enter the keyword opcode followed by the number of the ARP opcode.

Range: 1 to 23.

count (OPTIONAL) Enter the keyword count to count packets processed by the

filter.

byte (OPTIONAL) Enter the keyword byte to count bytes processed by the filter.

log (OPTIONAL, E-Series only) Enter the keyword log to have the information

kept in an ACL log file.