Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series
131132133134135136137138139140
NOTE: In order for the VRF ACLs to take effect, ACLs configured in the Layer 3 CAM region must have an
implicit-permit option.
You can use the ip access-group command to configure VRF-aware ACLs on interfaces. Using the ip
access-group command, in addition to a range of VLANs, you can also specify a range of VRFs as input for
configuring ACLs on interfaces. The VRF range is from 1 to 63. These ACLs use the existing V4 ACL CAM
region to populate the entries in the hardware and do not require you to carve out a separate CAM region.
NOTE: You can configure VRF-aware ACLs on interfaces either using a range of VLANs or a range of VRFs
but not both.
Topics:
IP Access Control Lists (ACLs)
Important Points to Remember
IP Fragment Handling
Configure a Standard IP ACL
Configure an Extended IP ACL
Configure Layer 2 and Layer 3 ACLs
Assign an IP ACL to an Interface
Applying an IP ACL
Configure Ingress ACLs
Configure Egress ACLs
IP Prefix Lists
ACL Resequencing
Route Maps
Logging of ACL Processes
Flow-Based Monitoring Support for ACLs
IP Access Control Lists (ACLs)
In Dell Networking switch/routers, you can create two different types of IP ACLs: standard or extended.
A standard ACL filters packets based on the source IP packet. An extended ACL filters traffic based on the
following criteria:
IP protocol number
Source IP address
Destination IP address
Source TCP port number
Destination TCP port number
Source UDP port number
Destination UDP port number
For more information about ACL options, refer to the Dell Networking OS Command Reference Guide.
Access Control Lists (ACLs) 136