Manualshelf

Service Manual

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON
111112113114115116117118119120
Dell(conf-ext-nacl)#deny ip any any fragment
Dell(conf-ext-nacl)
Example of Logging Denied Packets
To log all the packets denied and to override the implicit deny rule and the implicit permit rule for TCP/ UDP fragments, use a
conguration similar to the following.
Dell(conf)#ip access-list extended ABC
Dell(conf-ext-nacl)#permit tcp any any fragment
Dell(conf-ext-nacl)#permit udp any any fragment
Dell(conf-ext-nacl)#
deny ip any any log
Dell(conf-ext-nacl)
When conguring ACLs with the fragments keyword, be aware of the following.
When an ACL lters packets, it looks at the fragment oset (FO) to determine whether it is a fragment.
FO = 0 means it is either the rst fragment or the packet is a non-fragment.
FO > 0 means it is dealing with the fragments of the original packet.
Congure a Standard IP ACL
To congure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode.
For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference
Guide. To set up extended ACLs, refer to Congure an Extended IP ACL.
A standard IP ACL uses the source IP address as its match criterion.
1. Enter IP ACCESS LIST mode by naming a standard IP access list.
CONFIGURATION mode
ip access-list standard access-listname
2. Congure a drop or forward lter.
CONFIG-STD-NACL mode
seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [count
[byte] [dscp] [order] [fragments]
NOTE: When assigning sequence numbers to lters, keep in mind that you might need to insert a new lter. To prevent
reconguring multiple lters, assign sequence numbers in multiples of ve.
To view the rules of a particular ACL congured on a particular interface, use the show ip accounting access-list ACL-
name
interface interface command in EXEC Privilege mode.
Example of Viewing the Rules of a Specic ACL on an Interface
The following is an example of viewing the rules of a specic ACL on an interface.
Dell#show ip accounting access-list ToOspf interface gig 1/6
Standard IP access list ToOspf
seq 5 deny any
seq 10 deny 10.2.0.0 /16
seq 15 deny 10.3.0.0 /16
seq 20 deny 10.4.0.0 /16
seq 25 deny 10.5.0.0 /16
seq 30 deny 10.6.0.0 /16
seq 35 deny 10.7.0.0 /16
seq 40 deny 10.8.0.0 /16
seq 45 deny 10.9.0.0 /16
seq 50 deny 10.10.0.0 /16
Dell#
Access Control Lists (ACLs)
117