Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S6000

121

122

123

124

125

126

127

128

129

130

130 | Access Control Lists (ACL)

www.dell.com | support.dell.com

But an ACL rule with TCP port lt 1023 takes only one entry in the CAM:

Rule# Data Mask From To #Covered

1 0000000000000000 1111110000000000 0 1023 1024

Total Ports: 1024

Commands

ip access-list extended

s z

Name (or select) an extended IP access list (IP ACL) based on IP addresses or protocols.

Syntax

ip access-list extended access-list-name [cpu-qos]

To delete an access list, use the no ip access-list extended access-list-name command.

Parameters

Defaults

All access lists contain an implicit “deny any”; that is, if no match occurs, the packet is dropped.

Command Modes

CONFIGURATION

Command

History

Usage

Information

The number of entries allowed per ACL is hardware-dependent. Refer to your stack-unit

documentation for detailed specification on entries allowed per ACL.

Prior to 7.8.1.0, names are up to 16 characters long.

Example

Figure 6-5. Command Example: ip access-list extended

FTOS(conf)#ip access-list extended TESTListEXTEND

FTOS(config-ext-nacl)#

Commands

deny Assign a deny filter for IP traffic.

deny tcp Assign a deny filter for TCP traffic.

S6000

access-list-name

Enter a string up to 140 characters long as the access list name.

cpu-qos Enter the cpu-qos keyword to assign this ACL to control plane traffic only

(CoPP).

Version 9.0.2.0 Introduced on the S6000.

Version 8.3.11.1 Introduced on the Z9000.

Version 7.8.1.0 Increased name string to accept up to 140 characters. Prior to 7.8.1.0, names are up to

16 characters long.

Version 9.0.2.0 Support added for S-Series

ip access-list standard Configure a standard IP access list.

show config Display the current configuration.