Acl binding – Dell PowerEdge VRTX User Manual

222

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Dell Plasma\User

Guide\Plasma_UGSwitching_NetworkSecurity.fm

D E L L C O N F ID E N T IA L – P R E L IM I N A RY 4 / 1 8 /1 3 - F O R P R O O F O N LY

The following is an example of some of the CLI commands:

ACL Binding

When an ACL is bound to an interface, all the rules that have been defined

for the ACL are applied to that interface. Whenever an ACL is assigned on a

port or LAG, flows from that ingress or egress interface that do not match the

ACL, are matched to the default rule, which is to Drop unmatched packets.

deny protocol {any |{source-prefix/length}

{any | destination-prefix/length} [dscp

number | precedence number] [time-range

time-range-name] [disable-port | log-

input]

deny icmp {any {source-prefix/length} {any

| destination-prefix/length} {any | icmp-

type} {any | icmp-code} [dscp number |

precedence number] [time-range time-range-

name] [disable-port | log-input]

deny tcp {any | {source-prefix/length} {any

| source-port/port-range}} {any |

destination-prefix/length} {any |

destination-port/port-range} [dscp number

| precedence number] [match-all list-of-

flags] [time-range time-range-name]

[disable-port | log-input]

deny udp {any | {source-prefix/length}}

{any | source-port/port-range}} {any |

destination-prefix/length} {any |

destination-port/port-range} [dscp number

| precedence number] [time-range time-

range-name] [disable-port | log-input]

Sets deny conditions

for IPv6 access list (in

Access List

Configuration mode).

console(config)# ipv6 access-list server

console(config-ipv6-al)# permit tcp 3001::2/64 any any 80

Table 7-7. IP-Based ACE CLI Commands (Continued)

CLI Command

Description