Dell PowerEdge VRTX User Manual

Page 730

ACL Commands


DELL CONFIDENTIAL – PRELIMINARY 4/3/14 - FOR PROOF ONLY

www (80). For UDP enter a number or one of the following values: biff (512), bootpc (68), bootps (67), discard (9), dnsix (90), domain (53), echo (7), mobile-ip (434), nameserver (42), netbios-dgm (138), netbios-ns (137), non500-isakmp (4500), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (49), talk (517), tftp (69), time (37), who (513), xdmcp (177). (Range: 0–65535)

source-port—Specifies the UDP/TCP source port. Predefined port names are defined in the destination-port parameter. (Range: 0–65535)

match-all list-of-flags—List of TCP flags that should occur. If a flag should be set, it is prefixed by “+”. If a flag should be unset, it is prefixed by “-”. Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin. The flags are concatenated into one string. For example: +fin-ack.

time-range-name—Name of the time range that applies to this permit statement. (Range: 1–32)

disable-port—The Ethernet interface is disabled if the condition is matched.

log-input—Specifies sending an informational syslog message about the packet that matches the entry. Because forwarding/dropping is done in hardware and logging is done in software, if a large number of packets match an ACE containing a log-input keyword, the software might not be able to match the hardware processing rate, and not all packets will be logged.
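
The match-all list-of-flags string described above (for example +fin-ack) can be checked offline before an ACE is written. The following is an added example, not code from the Dell manual: the function names and sample flag bytes are constructed, the bit values are the standard TCP header flag bits, and it assumes that flags not named in the string are ignored.

```python
# Added example: interprets a match-all list-of-flags string such as "+fin-ack".
# Assumption: flags that are not listed in the string are "don't care".
import re

# Standard TCP header flag bits.
TCP_FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
                 "psh": 0x08, "ack": 0x10, "urg": 0x20}
_TOKEN = re.compile(r"([+-])(urg|ack|psh|rst|syn|fin)")


def parse_flag_list(spec):
    """Return (must_set, must_clear) bit masks for a concatenated flag string."""
    if not spec:
        raise ValueError("empty flag list")
    must_set = must_clear = 0
    pos = 0
    while pos < len(spec):
        m = _TOKEN.match(spec, pos)
        if m is None:  # unknown flag name, missing +/- prefix, or a separator
            raise ValueError(f"bad flag token at offset {pos} in {spec!r}")
        bit = TCP_FLAG_BITS[m.group(2)]
        if m.group(1) == "+":
            must_set |= bit
        else:
            must_clear |= bit
        pos = m.end()
    if must_set & must_clear:  # e.g. "+syn-syn" can never match any packet
        raise ValueError(f"flag both set and unset in {spec!r}")
    return must_set, must_clear


def flags_match(spec, tcp_flags):
    """True when every '+' flag is set and every '-' flag is clear."""
    must_set, must_clear = parse_flag_list(spec)
    return (tcp_flags & must_set) == must_set and (tcp_flags & must_clear) == 0


# Constructed sample flag bytes (not captured traffic).
SAMPLES = {"SYN": 0x02, "SYN+ACK": 0x12, "FIN": 0x01, "FIN+ACK": 0x11,
           "FIN+PSH+URG": 0x29}


def matching_samples(spec):
    """Names of the constructed samples that the flag string would match."""
    return [name for name, bits in SAMPLES.items() if flags_match(spec, bits)]


if __name__ == "__main__":
    for spec in ("+fin-ack", "+syn-ack", "+fin+psh+urg"):
        print(spec, "->", matching_samples(spec))
```
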

Default Configuration

No IPv4 access list is defined.

Command Mode

IP Access-list Configuration mode

User Guidelines

The number of TCP/UDP ranges that can be defined in ACLs is limited. If a range of ports is used for a source port in an ACE, it is not counted again if it is also used for a source port in another ACE. If a range of ports is used for a destination port in an ACE, it is not counted again if it is also used for a destination port in another ACE.
