Service Manual

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048-ON

341

342

343

344

345

346

347

348

349

350

and extended MAC ACLs. You can configure ACL logging only on ACLs that are

applied to ingress interfaces; you cannot enable logging for ACLs that are

associated with egress interfaces.

You can activate flow-based monitoring for a monitoring session by entering

theflow-based enable command in the Monitor Session mode. When you

enable this capability, traffic with particular flows that are traversing through the

ingress and egress interfaces are examined and, appropriate ACLs can be applied in

both the ingress and egress direction. Flow-based monitoring conserves

bandwidth by monitoring only specified traffic instead all traffic on the interface.

This feature is particularly useful when looking for malicious traffic. It is available for

Layer 2 and Layer 3 ingress and egress traffic. You may specify traffic using

standard or extended access-lists. This mechanism copies all incoming or outgoing

packets on one port and forwards (mirrors) them to another port. The source port

is the monitored port (MD) and the destination port is the monitoring port (MG).

Commands

ip access-list extended — creates an extended ACL.

permit tcp — assigns a permit filter for TCP packets.

permit udp — assigns a permit filter for UDP packets.

permit (for Standard MAC ACLs)

To forward packets from a specific source MAC address, configure a filter.

Syntax

permit {any | mac-source-address [mac-source-address-mask]}

[count [byte]] | [log [interval minutes] [threshold-in-msgs

[count]] [monitor]

To remove this filter, you have two choices:

• Use the no seq sequence-number command if you know the filter’s

sequence number.

• Use the no permit {any | mac-source-address mac-source-

address-mask} command.

Parameters

log (OPTIONAL) Enter the keyword log to enable the triggering

of ACL log messages.

threshold-in msgs

count

(OPTIONAL) Enter the threshold-in-msgs keyword

followed by a value to indicate the maximum number of

ACL logs that can be generated, exceeding which the

generation of ACL logs is terminated with the seq, permit,

deny commands. The threshold range is from 1 to 100.

348

Access Control Lists (ACL)