Dell Force10 C150 Configuration Manual page 141
Ftos configuration guide ftos 8.4.2.7 e-series terascale, c-series, s-series (s50/s25)
Hide thumbs
Also See for Force10 C150:
- Manual (57 pages) ,
- Manual (66 pages) ,
- Quick start manual (33 pages)
Table of Contents
Advertisement
A standard IP ACL uses the source IP address as its match criterion.
Note: On E-Series ExaScale systems, TCP ACL flags are not supported in standard or extended ACLs
with IPv6 microcode. An error message is shown if IPv6 microcode is configured and an ACL is entered
with a TCP filter included.
FTOS(conf-ipv6-acl)#seq 8 permit tcp any any urg
May 5 08:32:34: %E90MJ:0 %ACL_AGENT-2-ACL_AGENT_ENTRY_ERROR: Unable to write seq 8 of
list test as individual TCP flags are not supported on linecard 0
To configure a standard IP ACL, use these commands in the following sequence:
Step
Command Syntax
ip access-list standard
1
seq
2
sequence-number
] | any | host
{
source
[
mask
count
byte
log
[
[
] |
fragments
[
]
Note: When assigning sequence numbers to filters, keep in mind that you might need to insert a
new filter. To prevent reconfiguring multiple filters, assign sequence numbers in multiples of five or
another number.
When you use the
many packets match the log entry and at what rate, the CP may become busy as it has to log these packets'
details.
To view the rules of a particular ACL configured on a particular interface, use the
access-list
ACL-name
Figure 8-3. Command Example: show ip accounting access-list
FTOS#show ip accounting access ToOspf interface gig 1/6
Standard IP access list ToOspf
seq 5 deny any
seq 10 deny 10.2.0.0 /16
seq 15 deny 10.3.0.0 /16
seq 20 deny 10.4.0.0 /16
seq 25 deny 10.5.0.0 /16
seq 30 deny 10.6.0.0 /16
seq 35 deny 10.7.0.0 /16
seq 40 deny 10.8.0.0 /16
seq 45 deny 10.9.0.0 /16
seq 50 deny 10.10.0.0 /16
FTOS#
Figure 8-4
illustrates how the
In the example, filter 25 was configured before filter 15, but the
in the correct order.
access-listname
{ deny | permit }
ip-address
}
order
monitor
] [
] [
]
log
keyword, CP processor logs details about the packets that match. Depending on how
interface
command
interface
seq
command orders the filters according to the sequence number assigned.
Command Mode
CONFIGURATION
CONFIG-STD-NACL
(Figure 226)
in EXEC Privilege mode.
show config
IP Access Control Lists (ACL), Prefix Lists, and Route-maps | 141
Purpose
Enter IP ACCESS LIST mode by
naming a standard IP access list.
Configure a drop or forward filter. The
parameters are:
log and monitor options are
•
supported on E-Series only.
show ip accounting
command displays the filters
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
