Command Reference Guide
196 | Access Control Lists (ACL)
www.dell.com | support.dell.com
• The order option takes precedence over the seq sequence-number.
• If
sequence-number is not configured, then rules with the same order value are
ordered according to their configuration order.
• If the
sequence-number is configured, then the sequence-number is used as a tie
breaker for rules with the same order.
When you use the
log option, CP processor logs details about the packets that match.
Depending on how many packets match the
log entry and at what rate, the CP may become
busy as it has to log these packets’ details.
Related
Commands
Extended IP ACL Commands
When an ACL is created without any rule and then applied to an interface, ACL behavior
reflects an implicit permit.
The following commands configure extended IP ACLs, which in addition to the IP address
also examine the packet’s protocol type.
c platforms support Ingress IP ACLs only.
e and s platforms support Ingress and Egress IP ACLs.
• deny
• deny arp
• deny ether-type
• deny icmp
• deny tcp
• deny udp
• ip access-list extended
• permit
• permit arp
• permit ether-type
• permit icmp
• permit tcp
Note: When ACL logging and byte counters are configured simultaneously, byte
counters may display an incorrect value. Configure packet counters with logging
instead.
deny Configure a filter to drop packets.
permit Configure a filter to forward packets.
seq Assign a sequence number to a deny or permit filter in an IP access list while
creating the filter.