Reference Guide
Usage
Information
The system supports one ingress and one egress IP ACL per interface.
The number of entries allowed per ACL is hardware-dependent. For detailed
information on the number entries allowed per ACL on the Z9500, refer to the
Content Addressable Memory (CAM) chapter in the Z9500 Configuration Guide.
Example
Dell(conf)#ip access-list standard TestList
Dell(config-std-nacl)#
Related
Commands
ip access-list extended — creates an extended access list.
show config — displays the current configuration.
permit
Configure a filter to permit packets from a specific source IP address to be processed and forwarded to
another interface on the switch.
Z9500
Syntax
permit {source [mask]| any | host ip-address}
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s
sequence number.
• Use the no permit {source [mask] | any | host ip-address}
command.
Parameters
source Enter the IP address in dotted decimal format of the network
from which the packet was sent.
mask (OPTIONAL) Enter a network mask in /prefix format (/x) or
A.B.C.D. The mask, when specified in A.B.C.D format, may be
either contiguous or non-contiguous.
any Enter the keyword any to specify that all routes are subject
to the filter. You can enter any of the following keywords to
specify route types.
• bytes — Enter the keyword bytes to count bytes
processed by the filter.
• count — Enter the keyword count to count packets the
filter processes.
• dscp — Enter the keyword dcsp to match to the IP DSCP
values. The range is from 0 to 63.
• fragments — Enter the keyword fragments to match
to non-initial fragments of a datagram.
• order — Enter the keyword order to specify the QoS
priority for the ACL entry. The range is from 0 to 254
(where 0 is the highest priority and 254 is the lowest;
lower-order numbers have a higher priority). If you do
Access Control Lists (ACL)
201