Reference Guide
132 | Access Control Lists (ACL)
www.dell.com | support.dell.com
The S-Series cannot count both packets and bytes, so when you enter the count byte options, only
bytes are incremented.
Related
Commands
permit tcp
s z
Configure a filter to pass TCP packets meeting the filter criteria.
Syntax
permit tcp {source mask | any | host ip-address} [bit] [operator port [port]] {destination mask
| any | host ip-address} [bit] [dscp] [operator port [port]] [count [byte]] [order] [fragments]
To remove this filter, you have two choices:
• Use the no seq sequence-number command syntax if you know the filter’s sequence number or
• Use the no permit tcp {source mask | any | host ip-address} {destination mask | any |
host ip-address} command.
Parameters
Note: When ACL logging and byte counters are configured simultaneously, byte counters
may display an incorrect value. Configure packet counters with logging instead.
ip access-list extended Create an extended ACL.
permit tcp Assign a permit filter for TCP packets.
permit udp Assign a permit filter for UDP packets.
S6000
source
Enter the IP address of the network or host from which the packets were sent.
mask
Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in
A.B.C.D format, may be either contiguous or non-contiguous.
any Enter the keyword any to specify that all routes are subject to the filter.
host ip-address Enter the keyword host followed by the IP address to specify a host IP address.
bit
Enter a flag or combination of bits:
ack: acknowledgement field
fin: finish (no more data from the user)
psh: push function
rst: reset the connection
syn: synchronize sequence numbers
urg: urgent field
dscp
Enter this keyword to deny a packet based on DSCP value.
Range: 0-63
operator
(OPTIONAL) Enter one of the following logical operand:
•
eq = equal to
•
neq = not equal to
•
gt = greater than
•
lt = less than
•
range = inclusive range of ports (you must specify two port for the port
parameter.)