Reference Guide

Access Control Lists (ACLs)
Configuring a Standard IP ACL
To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode.
For a complete listing of all commands related to IP ACLs, refer to the Dell Command Line Interface
Reference document.
To set up extended ACLs, refer to Configuring an Extended IP ACL.
A standard IP ACL uses the source IP address as its match criterion.
To configure a standard IP ACL, follow these steps:
Note the following when configuring ACLs with the fragments keyword.
When an ACL filters packets, it looks at the Fragment Offset (FO) to determine whether or not a packet is a fragment.
  - FO = 0 means it is either the first fragment or the packet is a non-fragment.
  - FO > 0 means it is dealing with the fragments of the original packet.
Permit ACL line with L3 information only, and the fragments keyword is present:
If a packet's L3 information matches the L3 information in the ACL line, the packet's fragment offset (FO) is checked.
  - If a packet's FO > 0, the packet is permitted.
  - If a packet's FO = 0, the next ACL entry is processed.
Deny ACL line with L3 information only, and the fragments keyword is present:
If a packet's L3 information matches the L3 information in the ACL line, the packet's fragment offset (FO) is checked.
  - If a packet's FO > 0, the packet is denied.
  - If a packet's FO = 0, the next ACL line is processed.
Step 1
    Command Syntax: ip access-list standard access-listname
    Command Mode:   CONFIGURATION
    Purpose:        Enter IP ACCESS LIST mode by naming a standard IP access list.

Step 2
    Command Syntax: seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [count [byte] | log] [order] [monitor] [fragments]
    Command Mode:   CONFIG-STD-NACL
    Purpose:        Configure a drop or forward filter.
Note: When assigning sequence numbers to filters, keep in mind that you might need to insert a
new filter. To prevent reconfiguring multiple filters, assign sequence numbers in multiples of five or
another number.
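
The fragments rules and the step 2 filter syntax above can be checked offline with a small model. This is an added example, not Dell code or output from a switch: it handles only the `any` and `host ip-address` source forms plus the optional fragments keyword, evaluates entries in sequence-number order, and assumes that a line without fragments applies its action whatever the FO. The function names and sample addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    seq: int
    action: str                 # "permit" or "deny"
    source: Optional[str]       # None = "any", otherwise a host address
    fragments: bool

def parse(line: str) -> Entry:
    """Parse 'seq N {deny|permit} {any | host ip-address} [fragments]'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "seq" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    if tok[3] == "any":
        source, rest = None, tok[4:]
    elif tok[3] == "host" and len(tok) >= 5:
        source, rest = tok[4], tok[5:]
    else:
        raise ValueError(f"unsupported source in: {line!r}")
    if rest not in ([], ["fragments"]):
        raise ValueError(f"unsupported option in: {line!r}")
    return Entry(int(tok[1]), tok[2], source, rest == ["fragments"])

def evaluate(acl_lines, src: str, fo: int):
    """Return (action, seq) of the deciding entry, or (None, None)."""
    pkt = ipaddress.ip_address(src)
    for e in sorted(map(parse, acl_lines), key=lambda e: e.seq):
        if e.source is not None and ipaddress.ip_address(e.source) != pkt:
            continue    # L3 information does not match this line
        if e.fragments and fo == 0:
            continue    # first fragment or non-fragment: next entry
        return e.action, e.seq   # FO > 0 on a fragments line, or a plain line
    return None, None   # no line decided; the page states no default action

# Constructed sample ACLs (documentation addresses, not from the guide).
DENY_FRAGS = ["seq 10 permit any", "seq 5 deny host 192.0.2.10 fragments"]
PERMIT_FRAGS = ["seq 5 permit host 192.0.2.10 fragments",
                "seq 10 deny host 192.0.2.10"]

if __name__ == "__main__":
    for name, acl in (("deny+fragments", DENY_FRAGS),
                      ("permit+fragments", PERMIT_FRAGS)):
        for src, fo in (("192.0.2.10", 0), ("192.0.2.10", 185),
                        ("198.51.100.7", 185)):
            print(name, src, f"FO={fo}", evaluate(acl, src, fo))
```

In the PERMIT_FRAGS case the host's non-initial fragments are forwarded while its first fragment is dropped by the later deny line, so review any permit line carrying fragments together with the entries that follow it.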