Reference Guide

ManualsBrandsDell ManualsNetworkingForce10 S25-01-GE-24P

221

222

223

224

225

226

227

228

229

230

222 | Access Control Lists (ACL)

www.dell.com | support.dell.com

Command

History

Usage

Information

The order option is relevant in the context of the Policy QoS feature only. See the “Quality of

Service” chapter of the FTOS Configuration Guide for more information.

The monitor option is relevant in the context of flow-based monitoring only. See Chapter 44, Port

Monitoring.

When you use the log option, CP processor logs details about the packets that match. Depending on

how many packets match the log entry and at what rate, the CP may become busy as it has to log these

packets’ details.

You cannot include IP, TCP or UDP (Layer 3) filters in an ACL configured with ARP or Ether-type

(Layer 2) filters. Apply Layer 2 ACLs (ARP and Ether-type) to Layer 2 interfaces only.

deny ether-type

Configure an egress filter that drops specified types of Ethernet packets on egress ACL supported line

cards (see your line card documentation).

Syntax

deny ether-type protocol-type-number {destination-mac-address mac-address-mask | any}

vlan vlan-id {source-mac-address mac-address-mask | any} [count [byte] | log] [order]

[monitor]

To remove this filter, use one of the following:

• Use the no seq sequence-number command syntax if you know the filter’s sequence number

• Use the no deny ether-type protocol-type-number {destination-mac-address

mac-address-mask | any} vlan vlan-id {source-mac-address mac-address-mask | any}

command.

Parameters

Version 8.2.1.0 Allows ACL control of fragmented packets for IP (Layer 3) ACLs.

Version 8.1.1.0 Introduced on E-Series ExaScale

Version 7.4.1.0

Added

monitor option

Version 6.5.10

Expanded to include the optional QoS

order priority for the ACL entry.

Note: When ACL logging and byte counters are configured simultaneously, byte counters

may display an incorrect value. Configure packet counters with logging instead.

protocol-type-number

Enter a number from 600 to FFFF as the specific Ethernet type traffic to

drop.

destination-mac-address

mac-address-mask

Enter a MAC address and mask in the nn:nn:nn:nn:nn format.

For the MAC address mask, specify which bits in the MAC address must

match.

The MAC ACL supports an inverse mask, therefore, a mask of

ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of

00:00:00:00:00:00 only allows entries that match exactly.

any Enter the keyword any to match and drop specific Ethernet traffic on the

interface.