Manualshelf

Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S5000
111112113114115116117118119120
116 | Access Control Lists (ACLs)
www.dell.com | support.dell.com
An ACL is essentially a filter containing some criteria to match (examine IP, TCP, or UDP packets) and an
action to take (permit or deny). ACLs are processed in sequence so that if a packet does not match the
criterion in the first filter, the second filter (if configured) is applied. When a packet matches a filter, the
switch drops or forwards the packet based on the filters specified action. If the packet does not match any
of the filters in the ACL, the packet is dropped (implicit deny).
The number of ACLs supported on a system depends on your CAM size. For more information, refer to
CAM Allocation and CAM Optimization.
IP Access Control Lists (ACLs)
In the Dell Networking switch/routers, you can create two different types of IP ACLs: standard or
extended. A standard ACL filters packets based on the source IP packet. An extended ACL filters packets
based on the following criteria:
IP protocol number
Source IP address
Destination IP address
Source TCP port number
Destination TCP port number
Source UDP port number
Destination UDP port number
For more information on ACL supported options, refer to the Dell Command Reference Guide.
For extended ACL TCP and UDP filters, you can match criteria on specific or ranges of TCP or UDP
ports. For extended ACL TCP filters, you can also match criteria on established TCP sessions.
When creating an access list, the sequence of the filters is important. You have a choice of assigning
sequence numbers to the filters as you enter them, or Dell Networking OS will assign numbers in the order
the filters are created. The sequence numbers, whether configured or assigned by Dell Networking OS, are
listed in the
show config and show ip accounting access-list command display output.
Ingress and egress Hot Lock ACLs allow you to append or delete new rules into an existing ACL (already
written into CAM) without disrupting traffic flow. Existing entries in CAM are shuffled to accommodate
the new entries. Hot Lock ACLs are enabled by default and support both standard and extended ACLs.
Note: Hot Lock ACLs are supported for Ingress ACLs only.