Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4810P

121

122

123

124

125

126

127

128

129

130

ACL in which the sequence numbers were assigned by the software. The lters were assigned sequence numbers based on the

order in which they were congured (for example, the rst lter was given the lowest sequence number). The show config

command in IP ACCESS LIST mode displays the two lters with the sequence numbers 5 and 10.

Example of Viewing Filter Sequence for a Specied Extended ACL

Dell(config-ext-nacl)#deny tcp host 123.55.34.0 any

Dell(config-ext-nacl)#permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0

Dell(config-ext-nacl)#show config

ip access-list extended nimule

seq 5 deny tcp host 123.55.34.0 any

seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.0

Dell(config-ext-nacl)#

To view all congured IP ACLs and the number of packets processed through the ACL, use the show ip accounting access-

list command in EXEC Privilege mode, as shown in the rst example in Congure a Standard IP ACL Filter.

Congure Layer 2 and Layer 3 ACLs

Both Layer 2 and Layer 3 ACLs may be congured on an interface in Layer 2 mode.

If both L2 and L3 ACLs are applied to an interface, the following rules apply:

• When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not ltered against an L2 ACL.

• When Dell Networking OS switches the packets, rst the L3 ACL lters them, then the L2 ACL lters them.

• When Dell Networking OS switches the packets, the egress L3 ACL does not lter the packet.

For the following features, if you enable counters on rules that have already been congured and a new rule is either inserted or

prepended, all the existing counters are reset:

• L2 ingress access list

• L3 egress access list

• L2 egress access list

If a rule is simply appended, existing counters are not aected.

Table 9. L2 and L3 Filtering on Switched Packets

L2 ACL Behavior L3 ACL Behavior Decision on Targeted Trac

Deny Deny L3 ACL denies.

Deny Permit L3 ACL permits.

Permit Deny L3 ACL denies.

Permit Permit L3 ACL permits.

NOTE: If you congure an interface as a vlan-stack access port, only the L2 ACL lters the packets. The L3 ACL applied

to such a port does not aect trac. That is, existing rules for other features (such as trace-list, policy-based routing

[PBR], and QoS) are applied to the permitted trac.

For information about MAC ACLs, refer to Layer 2.

Assign an IP ACL to an Interface

To pass trac through a congured IP ACL, assign that ACL to a physical interface, a port channel interface, or a VLAN.

The IP ACL is applied to all trac entering a physical or port channel interface and the trac is either forwarded or dropped

depending on the criteria and actions specied in the ACL.

Access Control Lists (ACLs)

127