Quick Reference Guide
380 | ACL Commands
www.dell.com | support.dell.com
Syntax
IP Standard ACL:
access-list 1-99 {deny | permit} {every | srcip srcmask} [log] [assign-queue queue-id]
[{mirror | redirect} unit/slot/port]
IP Extended ACL:
access-list 100-199 {deny | permit} {every | icmp | igmp | ip | tcp | udp | protocol_number}
{any | srcip srcmask} {any | eq {portkey | 0-65535}} {any | dstip dstmask} [eq {portkey |
0-65535}] [precedence precedence | tos tos tosmask | dscp dscp] [log] [assign-queue
queue-id] [redirect unit/slot/port]
Use the no access-list ACLnumber version of this command to delete an ACL (identified by a
number in the range 1-199).
Parameters
Note: The mirror option is supported in the S50V and S25P models only.
1-99 and 100-199
Assign an integer in the range 1 to 99 to an access list for an IP standard ACL. Use
an integer in the range 100 to 199 for an IP extended ACL.
deny | permit
Specify whether the IP ACL rule permits or denies an action.
every | srcip srcmask
For an IP Standard ACL, select the source to filter. Enter either the keyword
every, to match every packet, or use the srcip and srcmask parameters to
specify a source IP address and source mask for a match condition of the ACL
rule (srcmask is an inverse mask, also called a wildcard mask, as described at
the beginning of this chapter).
every | icmp | igmp | ip | tcp | udp | protocol_number
For an IP Extended ACL, you have three choices for the source to filter:
• As above, the keyword every matches every packet.
• The other keywords specify the protocol to filter: ICMP, IGMP, IP, TCP, or UDP.
• Otherwise, enter the protocol number to match, from 1 to 255.
any | srcip and srcmask
Enter either any, to match any source IP address, or use the srcip and srcmask
parameters to specify a source IP address and source mask for a match condition
of the ACL rule (srcmask is an inverse mask, also called a wildcard mask, as
described at the beginning of this chapter).
{any | eq {portkey | 0-65535}}
For an IP Extended ACL, specify the source Layer 4 port match condition for the
IP ACL rule. You can enter:
• the keyword any, to accept any Layer 4 port ID
• the keyword eq and then enter either:
  • the portkey, which can be one of the following keywords: domain,
    echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, or www.
    Each of these values translates into its equivalent port number, which is
    used as both the start and end of a port range.
  • the Layer 4 port number, which ranges from 0-65535
{any | dstip dstmask}
For an IP Extended ACL, specify a destination IP address and destination mask
for the match condition of the ACL rule (dstmask is an inverse mask, as above).
eq {portkey | 0-65535}
This option is available for both any and dstip dstmask, and the variables are
as defined above.
[precedence precedence | tos tos tosmask | dscp dscp]
(OPTIONAL) For an IP Extended ACL, specifies the type of service (TOS) for
an IP ACL rule depending on a match of precedence or DSCP values using the
parameters precedence, tos/tosmask, dscp.
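
The srcip/srcmask and dstip/dstmask pairs above take an inverse (wildcard) mask, so a subnet mask typed into that field changes which hosts a rule matches without producing a syntax error. The following Python is an added example, not code from this guide: it assumes the standard wildcard semantics (a 1 bit in the mask means "ignore this bit"), its function names are hypothetical, and the addresses are constructed samples.

```python
import ipaddress

def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def matches(addr: str, srcip: str, srcmask: str) -> bool:
    """Inverse-mask match: a 1 bit in srcmask is ignored, a 0 bit must be equal.
    (Assumed standard wildcard semantics; the page defers the definition.)"""
    care = ~_to_int(srcmask) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(srcip) & care)

def looks_like_subnet_mask(srcmask: str) -> bool:
    """Flag masks with 1 bits contiguous from the top, e.g. 255.255.255.0.
    In an inverse-mask field that is usually a transposed subnet mask."""
    m = _to_int(srcmask)
    inv = ~m & 0xFFFFFFFF
    return m not in (0, 0xFFFFFFFF) and (inv & (inv + 1)) == 0

def standard_rule(number: int, action: str, cidr: str, log: bool = False) -> str:
    """Render an IP standard ACL line in the syntax shown above from a CIDR block."""
    if not 1 <= number <= 99:
        raise ValueError("IP standard ACL numbers are 1-99")
    if action not in ("permit", "deny"):
        raise ValueError("action must be 'permit' or 'deny'")
    net = ipaddress.IPv4Network(cidr)  # raises ValueError if host bits are set
    line = f"access-list {number} {action} {net.network_address} {net.hostmask}"
    return line + (" log" if log else "")

if __name__ == "__main__":
    # Constructed sample addresses, not taken from the guide.
    print(standard_rule(10, "permit", "192.168.10.0/24", log=True))
    for mask in ("0.0.0.255", "255.255.255.0"):
        print(mask,
              "suspicious" if looks_like_subnet_mask(mask) else "ok",
              matches("192.168.10.77", "192.168.10.0", mask),
              matches("10.9.8.0", "192.168.10.0", mask))
```

With the transposed mask 255.255.255.0 the rule stops matching hosts inside 192.168.10.0/24 and instead matches any address whose last octet is 0, which is why the mask check is worth running over a configuration before it is applied.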