beautypg.com

Dell PowerEdge VRTX User Manual

Page 738

background image

738

ACL Commands

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\CLI Folders\Dell Plasma-ARC

2+3\new_system_mifs_ARC2_latest\ACL.fm

D E L L C O N F ID E N T IA L – P R E L IM I N A RY 4 / 3 /1 4 - FO R P R O O F O N LY

match-all

list-of-flags

—List of TCP flags that should occur. If a flag should

be set it is prefixed by “+”.If a flag should be unset it is prefixed by “-”.

Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh,

-rst, -syn and -fin. The flags are concatenated to a one string. For example:

+fin-ack.

time-range-name—Name of the time range that applies to this permit

statement. (Range: 1–32)

disable-port—The Ethernet interface is disabled if the condition is

matched.

log-input—Specifies sending an informational syslog message about the

packet that matches the entry. Because forwarding/dropping is done in

hardware and logging is done in software, if a large number of packets

match an ACE containing a log-input keyword, the software might not be

able to match the hardware processing rate, and not all packets will be

logged.

Default Configuration

No IPv6 access list is defined.

Command Mode

Ipv6 Access-list Configuration mode

User Guidelines

The number of TCP/UDP ranges that can be defined in ACLs is limited. If a

range of ports is used for source port in ACE it is not counted again if it is also

used for source port in another ACE. If a range of ports is used for a

destination port in ACE it is not counted again if it is also used for a

destination port in another ACE.
If a range of ports is used for source port it is counted again if it is also used

for destination port.

Example

console(config)# ipv6 access-list server

console(config-ipv6-al)#

deny tcp 3001::2/64 any any 80