Service Manual

CONFIG-NACL mode
permit ip {source mask | any | host ip-address} {destination mask | any | host ip-address} count
FTOS Behavior: Virtual router redundancy protocol (VRRP) hellos and internet group management protocol (IGMP) packets are not
affected when you enable egress ACL filtering for CPU traffic. Packets sent by the CPU with the source address as the VRRP virtual
IP address have the interface MAC address instead of the VRRP virtual MAC address.
IP Prefix Lists
IP prefix lists control routing policy. An IP prefix list is a series of sequential filters that contain a matching criterion (examine IP route
prefix) and an action (permit or deny) to process routes. The filters are processed in sequence so that if a route prefix does not
match the criterion in the first filter, the second filter (if configured) is applied. When the route prefix matches a filter, Dell
Networking OS drops or forwards the packet based on the filter’s designated action. If the route prefix does not match any of the
filters in the prefix list, the route is dropped (that is, implicit deny).
A route prefix is an IP address pattern that matches on bits within the IP address. The format of a route prefix is A.B.C.D/X where
A.B.C.D is a dotted-decimal address and /X is the number of bits of the dotted-decimal address that should be matched. For
example, in 112.24.0.0/16, the first 16 bits of the address 112.24.0.0 match all addresses from 112.24.0.0 to 112.24.255.255.
The following examples show permit or deny filters for specific routes using the le and ge parameters, where x.x.x.x/x represents a
route prefix:
To deny only /8 prefixes, enter deny x.x.x.x/x ge 8 le 8.
To permit routes with the mask greater than /8 but less than /12, enter permit x.x.x.x/x ge 8.
To deny routes with a mask less than /24, enter deny x.x.x.x/x le 24.
To permit routes with a mask greater than /20, enter permit x.x.x.x/x ge 20.
The following rules apply to prefix lists:
A prefix list without any permit or deny filters allows all routes.
An “implicit deny” is assumed (that is, the route is dropped) for all route prefixes that do not match a permit or deny filter in a
configured prefix list.
After a route matches a filter, the filter’s action is applied. No additional filters are applied to the route.
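The evaluation rules above can be modeled in a few lines of Python to check how a planned list treats a given route before it is applied. This is an added example, not Dell Networking OS code: the tuple layout, function names and sample list are constructed, and the ge/le length window is an assumption based on the common prefix-list convention (no ge/le means exact length, ge alone extends to /32, le alone starts at /X).

```python
import ipaddress

def rule_matches(rule, route):
    """rule is (action, prefix, ge, le); ge/le are ints or None."""
    _, prefix, ge, le = rule
    base = ipaddress.ip_network(prefix)
    # The first /X bits of the route must equal the filter's prefix bits.
    if not route.subnet_of(base):
        return False
    # Assumed length window (see lead-in), not taken from the manual.
    if ge is None and le is None:
        lo = hi = base.prefixlen
    else:
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else 32
    return lo <= route.prefixlen <= hi

def evaluate(prefix_list, route):
    """Return (action, index of matching filter or None)."""
    route = ipaddress.ip_network(route)
    if not prefix_list:
        return ("permit", None)      # no filters: all routes allowed
    for index, rule in enumerate(prefix_list):
        if rule_matches(rule, route):
            return (rule[0], index)  # first match wins, later filters skipped
    return ("deny", None)            # implicit deny

# Constructed sample list for illustration.
SAMPLE = [
    ("deny",   "10.0.0.0/8",    8,    8),     # deny only the /8 itself
    ("permit", "10.0.0.0/8",    20,   None),  # permit /20 and longer in 10/8
    ("permit", "112.24.0.0/16", None, None),  # exact /16 only
]

if __name__ == "__main__":
    for r in ["10.0.0.0/8", "10.1.16.0/20", "10.1.0.0/16",
              "112.24.0.0/16", "112.24.5.0/24"]:
        print(r, evaluate(SAMPLE, r))
```

A result of `("deny", None)` marks a route that fell through to the implicit deny rather than matching an explicit deny filter, which is the case most often missed when reviewing a list.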
Implementation Information
In Dell Networking OS, prefix lists are used in processing routes for routing protocols (for example, routing information protocol [RIP],
open shortest path first [OSPF], and border gateway protocol [BGP]).
NOTE: It is important to know which protocol your system supports prior to implementing prefix-lists.
Configuration Task List for Prefix Lists
To configure a prefix list, use commands in PREFIX LIST, ROUTER RIP, ROUTER OSPF, and ROUTER BGP modes.
Create the prefix list in PREFIX LIST mode and assign that list to commands in ROUTER RIP, ROUTER OSPF and ROUTER BGP
modes.
The following list includes the configuration tasks for prefix lists, as described in the following sections.
Configuring a prefix list
Use a prefix list for route redistribution
For a complete listing of all commands related to prefix lists, refer to the Dell Networking OS Command Line Interface Reference
Guide.