Quick Reference Guide
ACL Commands 261
ACL names are global. An IPv6 access list cannot have the same name as an
IPv4 access list. Access list names can consist of any printable character.
Names can be up to 31 characters in length.
deny | permit (IP ACL)
Use this command in Ipv4-Access-List Configuration mode to create a new
rule for the current IP access list. Each rule is appended to the list of
configured rules for the list.
Syntax
{deny | permit} {every | {{ipv4-protocol | 0-255 | every}
{srcip srcmask | any | host srcip}
[{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}}]
{dstip dstmask | any | host dstip}
[{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}}]
[flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]]
[icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmp-message]
[igmp-type igmp-type] [fragments]
[precedence precedence | tos tos [tosmask] | dscp dscp]}}
[time-range time-range-name] [log] [assign-queue queue-id]
[{mirror | redirect} unit/slot/port] [rate-limit rate burst-size]
• {deny | permit}—Specifies whether the IP ACL rule permits or denies the matching traffic.
• {ipv4-protocol | number | every}—Specifies the protocol to match for the IP ACL rule.
  – IPv4 protocols: eigrp, gre, icmp, igmp, ip, ipinip, ospf, tcp, udp, pim
  – Every: Match any protocol (don’t care)
• srcip srcmask | any | host srcip—Specifies a source IP address and netmask to match for the IP ACL rule.
  – Specifying “any” implies specifying srcip as “0.0.0.0” and srcmask as “255.255.255.255” for IPv4.
  – Specifying “host A.B.C.D” implies srcip as “A.B.C.D” and srcmask as “0.0.0.0”.
• [{{eq | neq | lt | gt} {portkey | number} | range startport endport}]—Specifies the layer 4 destination port match condition for the IP ACL rule. A destination port number, which ranges from 0-65535, can be entered, or
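
Added example (not from the original guide): a Python model of how the srcip/srcmask forms above select addresses, assuming srcmask is a wildcard (inverse) mask, which is what the “any” and “host” expansions imply. The function names and sample addresses are constructed for illustration; looks_like_subnet_mask flags a subnet-style mask entered where a wildcard mask is expected.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def expand_source(spec):
    """Turn 'any', 'host A.B.C.D' or 'A.B.C.D M.M.M.M' into (srcip, srcmask) ints."""
    tokens = spec.split()
    if tokens == ["any"]:
        return 0, ALL_ONES                               # 0.0.0.0 255.255.255.255
    if len(tokens) == 2 and tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0  # A.B.C.D 0.0.0.0
    if len(tokens) == 2:
        return tuple(int(ipaddress.IPv4Address(t)) for t in tokens)
    raise ValueError(f"unrecognised source spec: {spec!r}")

def matches(addr, spec):
    """Assumed wildcard semantics: mask bits set to 1 are ignored, 0 bits must match."""
    srcip, srcmask = expand_source(spec)
    care = ~srcmask & ALL_ONES
    return (int(ipaddress.IPv4Address(addr)) & care) == (srcip & care)

def looks_like_subnet_mask(spec):
    """Flag masks such as 255.255.255.0 (contiguous leading 1 bits), the usual
    sign that a subnet mask was typed where a wildcard mask belongs."""
    _, srcmask = expand_source(spec)
    if srcmask in (0, ALL_ONES):
        return False                                     # the 'host' and 'any' forms
    inverted = ~srcmask & ALL_ONES
    return (inverted & (inverted + 1)) == 0

# Constructed sample source specifications (documentation address ranges).
SAMPLES = [
    "any",
    "host 192.0.2.10",
    "198.51.100.0 0.0.0.255",
    "198.51.100.0 255.255.255.0",   # subnet mask entered by mistake
]

if __name__ == "__main__":
    for spec in SAMPLES:
        note = "  <-- subnet-style mask, check intent" if looks_like_subnet_mask(spec) else ""
        print(f"{spec:30} matches 198.51.100.77: {matches('198.51.100.77', spec)}{note}")
```

With the mistaken mask, the rule ignores the first three octets and matches any address whose last octet is 0, so it misses the intended subnet entirely.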