Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4810P

131

132

133

134

135

136

137

138

139

140

remark 8 this remark corresponds to permit ip any host 1.1.1.2

seq 8 permit ip any host 1.1.1.2

seq 10 permit ip any host 1.1.1.3

seq 12 permit ip any host 1.1.1.4

Remarks that do not have a corresponding rule are incremented as a rule. These two mechanisms allow remarks to retain their

original position in the list. The following example shows remark 10 corresponding to rule 10 and as such, they have the same number

before and after the command is entered. Remark 4 is incremented as a rule, and all rules have retained their original positions.

Dell(config-ext-nacl)# show config

ip access-list extended test

remark 4 XYZ

remark 5 this remark corresponds to permit any host 1.1.1.1

seq 5 permit ip any host 1.1.1.1

remark 9 ABC

remark 10 this remark corresponds to permit ip any host 1.1.1.2

seq 10 permit ip any host 1.1.1.2

seq 15 permit ip any host 1.1.1.3

seq 20 permit ip any host 1.1.1.4

Dell# end

Dell# resequence access-list ipv4 test 2 2

Dell# show running-config acl

ip access-list extended test

remark 2 XYZ

remark 4 this remark corresponds to permit any host 1.1.1.1

seq 4 permit ip any host 1.1.1.1

remark 6 this remark has no corresponding rule

remark 8 this remark corresponds to permit ip any host 1.1.1.2

seq 8 permit ip any host 1.1.1.2

seq 10 permit ip any host 1.1.1.3

seq 12 permit ip any host 1.1.1.4

Route Maps

Similar to ACLs and prex lists, route maps are composed of a series of commands that contain a matching criterion and an action;

however, route maps can change the packets meeting the criterion. ACLs and prex lists can only drop or forward the packet or

trac. Route maps process routes for route redistribution. For example, a route map can be called to lter only specic routes and to

add a metric.

Route maps also have an “implicit deny.” Unlike ACLs and prex lists; however, where the packet or trac is dropped, in route maps,

if a route does not match any of the route map conditions, the route is not redistributed.

Implementation Information

The Dell Networking OS implementation of route maps allows route maps with the no match or no set commands. When there

is no match command, all trac matches the route map and the set command applies.

Logging of ACL Processes

This functionality is supported on the S4810 platform.

To assist in the administration and management of trac that traverses the device after being validated by the congured ACLs, you

can enable the generation of logs for access control list (ACL) processes. Although you can congure ACLs with the required permit

or deny lters to provide access to the incoming packet or disallow access to a particular user, it is also necessary to monitor and

examine the trac that passes through the device. To evaluate network trac that is subjected to ACLs, congure the logs to be

triggered for ACL operations. This functionality is primarily needed for network supervision and maintenance activities of the handled

subscriber trac.

138

Access Control Lists (ACLs)