Administrator Guide
2 0000111111000000 1111111111000000 4032 4095 64
3 0001000000000000 1111100000000000 4096 6143 2048
4 0001100000000000 1111110000000000 6144 7167 1024
5 0001110000000000 1111111000000000 7168 7679 512
6 0001111000000000 1111111100000000 7680 7935 256
7 0001111100000000 1111111111000000 7936 7999 64
8 0001111101000000 1111111111111111 8000 8000 1
Total Ports: 4001
Example
An ACL rule with a TCP port lt 1023 uses only one entry in the CAM.
DellEMC# Data Mask From To #Covered
1 0000000000000000 1111110000000000 0 1023 1024
Total Ports: 1024
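The data/mask rows above can be reproduced before an ACL is applied, which helps when budgeting CAM space for rules that match port ranges. The following is an added example, not part of the Dell EMC guide or the switch software. It assumes the range is split into the fewest aligned power-of-two blocks, one data/mask pair each, and the 4000 to 8000 range is inferred from the rows shown and the 4001-port total.

```python
# Added example: estimate how many CAM entries a 16-bit port range consumes.
# Assumption: the range is split into the fewest aligned power-of-two blocks,
# each stored as one data/mask pair (this reproduces the rows in the guide).

def port_range_to_cam(lo, hi, width=16):
    """Return a list of (data, mask, first, last, covered) for ports lo..hi."""
    if not 0 <= lo <= hi < (1 << width):
        raise ValueError("port range must satisfy 0 <= lo <= hi < 2**width")
    full = (1 << width) - 1
    entries = []
    while lo <= hi:
        # Largest block size that keeps `lo` aligned (0 aligns to anything).
        size = lo & -lo if lo else 1 << width
        # Shrink the block until it no longer runs past `hi`.
        while lo + size - 1 > hi:
            size >>= 1
        mask = full & ~(size - 1)
        entries.append((lo, mask, lo, lo + size - 1, size))
        lo += size
    return entries


def format_table(entries, width=16):
    """Render entries in the same column order as the guide's output."""
    lines = []
    for n, (data, mask, first, last, covered) in enumerate(entries, 1):
        lines.append(
            f"{n} {data:0{width}b} {mask:0{width}b} {first} {last} {covered}"
        )
    lines.append(f"Total Ports: {sum(e[4] for e in entries)}")
    return "\n".join(lines)


if __name__ == "__main__":
    # 4000..8000 is inferred from the guide's rows and its 4001-port total.
    print(format_table(port_range_to_cam(4000, 8000)))
    # Ports 0..1023 form one aligned block, so the rule needs one CAM entry.
    print(format_table(port_range_to_cam(0, 1023)))
```

A range whose endpoints are not aligned to a power of two costs several entries, while an aligned one such as 0 to 1023 costs a single entry.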
Related Commands
● ip access-list extended — create an extended ACL.
● permit — assign a permit filter for IP packets.
● permit udp — assign a permit filter for UDP packets.
permit udp
To pass UDP packets meeting the filter criteria, configure a filter.
Syntax
permit udp {source mask | any | host ip-address} [operator port [port]]
{destination mask | any | host ip-address} [ttl operator] [dscp] [operator
port [port]] [count [byte]] [order] [fragments] [monitor] [no-drop]
To remove this filter, you have two choices:
● Use the no seq sequence-number command if you know the filter’s sequence number.
● Use the no permit udp {source mask | any | host ip-address} {destination
mask | any | host ip-address} command.
Parameters
source
Enter the IP address of the network or host from which the packets were sent.
mask
Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified
in A.B.C.D format, may be either contiguous or non-contiguous.
any
Enter the keyword any to specify that all routes are subject to the filter.
host ip-address
Enter the keyword host and then enter the IP address to specify a host IP
address.
ttl
Enter the keyword ttl to permit a packet based on the time to live value. The
range is from 1 to 255.
operator
Enter one of the following logical operands:
● eq (equal to) — matches packets that contain a ttl value that is equal to the
specified ttl value.
● neq (not equal to) — matches packets that contain a ttl value that is not equal
to the specified ttl value.
● gt (greater than) — matches packets that contain a ttl value that is greater
than the specified ttl value.
● lt (less than) — matches packets that contain a ttl value that is less than the
specified ttl value.
● range (inclusive range of values) — matches packets that contain a ttl value
that falls between the specified range of ttl values.
dscp
Enter the keyword dscp to deny a packet based on the DSCP value. The range is
from 0 to 63.
Access Control Lists (ACL) 213