Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON

121

122

123

124

125

126

127

128

129

130

seq 5 permit ip any host 1.1.1.1

remark 9 ABC

remark 10 this remark corresponds to permit ip any host 1.1.1.2

seq 10 permit ip any host 1.1.1.2

seq 15 permit ip any host 1.1.1.3

seq 20 permit ip any host 1.1.1.4

Dell# end

Dell# resequence access-list ipv4 test 2 2

Dell# show running-config acl

ip access-list extended test

remark 2 XYZ

remark 4 this remark corresponds to permit any host 1.1.1.1

seq 4 permit ip any host 1.1.1.1

remark 6 this remark has no corresponding rule

remark 8 this remark corresponds to permit ip any host 1.1.1.2

seq 8 permit ip any host 1.1.1.2

seq 10 permit ip any host 1.1.1.3

seq 12 permit ip any host 1.1.1.4

Route Maps

Although route maps are similar to ACLs and prex lists in that they consist of a series of commands that contain a matching criterion and

an action, route maps can modify parameters in matching packets.

Implementation Information

ACLs and prex lists can only drop or forward the packet or trac. Route maps process routes for route redistribution. For example, a route

map can be called to lter only specic routes and to add a metric.

Route maps also have an “implicit deny.” Unlike ACLs and prex lists; however, where the packet or trac is dropped, in route maps, if a

route does not match any of the route map conditions, the route is not redistributed.

The implementation of route maps allows route maps with the no match or no set commands. When there is no match command, all trac

matches the route map and the set command applies.

Logging of ACL Processes

This functionality is supported on the platform.

To assist in the administration and management of trac that traverses the device after being validated by the congured ACLs, you can

enable the generation of logs for access control list (ACL) processes. Although you can congure ACLs with the required permit or deny

lters to provide access to the incoming packet or disallow access to a particular user, it is also necessary to monitor and examine the

trac that passes through the device. To evaluate network trac that is subjected to ACLs, congure the logs to be triggered for ACL

operations. This functionality is primarily needed for network supervision and maintenance activities of the handled subscriber trac.

When ACL logging is congured, and a frame reaches an ACL-enabled interface and matches the ACL, a log is generated to indicate that

the ACL entry matched the packet.

When you enable ACL log messages, at times, depending on the volume of trac, it is possible that a large number of logs might be

generated that can impact the system performance and eciency. To avoid an overload of ACL logs from being recorded, you can

congure the rate-limiting functionality. Specify the interval or frequency at which ACL logs must be triggered and also the threshold or

limit for the maximum number of logs to be generated. If you do not specify the frequency at which ACL logs must be generated, a default

interval of 5 minutes is used. Similarly, if you do not specify the threshold for ACL logs, a default threshold of 10 is used, where this value

refers to the number of packets that are matched against an ACL .

A Layer 2 or Layer 3 ACL contains a set of dened rules that are saved as ow processor (FP) entries. When you enable ACL logging for a

particular ACL rule, a set of specic ACL rules translate to a set of FP entries. You can enable logging separately for each of these FP

Access Control Lists (ACLs)

123