Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048T-ON

351

352

353

354

355

356

357

358

359

360

egress direction. Flow-based monitoring conserves bandwidth by monitoring only

specified traffic instead all traffic on the interface. This feature is particularly useful

when looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and

egress traffic. You may specify traffic using standard or extended access-lists. This

mechanism copies all incoming or outgoing packets on one port and forwards (mirrors)

them to another port. The source port is the monitored port (MD) and the destination

port is the monitoring port (MG).

deny icmp (for Extended IP ACLs)

To drop all or specific internet control message protocol (ICMP) messages, configure a filter.

NOTE

: Only the options that have been newly introduced in Release 9.3(0.0) and Release 9.4(0.0) are

described here. For a complete description on all of the keywords and variables that are available with this

command, refer the topic of this command discussed earlier in this guide.

Syntax

deny icmp {source mask | any | host ip-address} {destination mask

| any | host ip-address} [dscp] [message-type] [count [byte]]

[order] [fragments] [log [interval minutes] [threshold-in-msgs

[count]] [monitor]

To remove this filter, you have two choices:

• Use the no seq sequence-number command if you know the filter’s sequence

number.

• Use the no deny icmp {source mask | any | host ip-address}

{destination mask | any | host ip-address} command.

Parameters

log (OPTIONAL) Enter the keyword log to enable the triggering of

ACL log messages.

threshold-in msgs

count

(OPTIONAL) Enter the threshold-in-msgs keyword followed

by a value to indicate the maximum number of ACL logs that

can be generated, exceeding which the generation of ACL logs

is terminated with the seq, permit, or deny commands. The

threshold range is from 1 to 100.

interval minutes (OPTIONAL) Enter the keyword interval followed by the time

period in minutes at which ACL logs must be generated. The

time interval range is from 1 to 10 minutes.

monitor (OPTIONAL) Enter the keyword monitor when the rule is

describing the traffic that you want to monitor and the ACL in

which you are creating the rule is applied to the monitored

interface.

Defaults

By default, 10 ACL logs are generated if you do not specify the threshold explicitly.

Access Control Lists (ACL) 357